CVE-2026-7253

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

EUVD-2026-38266

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2026-7253

The CVE-2026-7253 issue affects IBM Watson Speech Services Cartridge (Sterling File Gateway) and is a Server-Side Request Forgery (SSRF) due to a flaw that allows an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration. Affected versions a...

CVE-2026-7253 IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]

Summary IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Regular Expression Denial of Service.

Summary picomatch-2.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33671, CVE-2026-33672. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression...

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Regular Expression Denial of Service.

Summary minimatch-9.0.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.

Summary IBM Java is used by IBM Sterling Connect:Direct Web Services CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily...

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues

Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-2200...

Security Bulletin: Security Vulnerability in Spring Cloud Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41235)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Cloud Vulnerability Details CVEID:CVE-2025-41235 DESCRIPTION: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. CWE:CWE-444:...

Security Bulletin: Security Vulnerability in Nimbus Jose JWT Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-53864)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Nimbus Jose JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a...

Security Bulletin: Security Vulnerability in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41248)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type...

Security Bulletin: Security Vulnerability in Spring Boot Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-22235)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Boot Vulnerability Details CVEID:CVE-2025-22235 DESCRIPTION: EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been create...

Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator and IBM Sterling File Gateway

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities in Spring Framework Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patter...

Security Bulletin: Due to use of spring-web-6.2.17.jar, IBM Sterling Connect:Direct Web Services is vulnerable to allows an attacker to consume available disk space.

Summary spring-web-6.2.17.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22740. Vulnerability Details CVEID:CVE-2026-22740 DESCRIPTION: A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp...

Security Bulletin: Due to use of spring-boot-autoconfigure-3.5.13.jar, IBM Sterling Connect:Direct Web Services is vulnerable to not perform hostname verification.

Summary spring-boot-autoconfigure-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40971, CVE-2026-40974. Vulnerability Details CVEID:CVE-2026-40971 DESCRIPTION: When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname...

Security Bulletin: Due to use of spring-security-core-6.5.9.jar, IBM Sterling Connect:Direct Web Services is vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition

Summary spring-security-core-6.5.9.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22746, CVE-2026-22751. Vulnerability Details CVEID:CVE-2026-22746 DESCRIPTION: Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or...

Security Bulletin: Due to use of spring-webmvc-6.2.17.jar, IBM Sterling Connect:Direct Web Services is affected by Uncontrolled Recursion vulnerability in Apache Commons.

Summary commons-configuration2-2.11.0.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-45205. Vulnerability Details CVEID:CVE-2026-45205 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will...

Security Bulletin: Due to use of js-yaml-4.1.0.tgz, IBM Sterling Connect:Direct Web Services is affected by modify the prototype of the result of a parsed yaml.

Summary js-yaml-4.1.0.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-64718. Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the...

Security Bulletin: Due to use of bcpkix-jdk18on-1.81.jar, IBM Sterling Connect:Direct Web Services is affected by Use of a Broken or Risky Cryptographic Algorithm vulnerability.

Summary bcpkix-jdk18on-1.81.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-5588. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion o...