
725 matches found

IBM Security Bulletins
added 2026/04/13 9:49 p.m., 1 view

Security Bulletin: Vulnerability in IBM Spectrum Symphony with Spring Framework

Summary: Vulnerability in IBM Spectrum Symphony with Spring Framework. Vulnerability Details: CVEID: CVE-2024-38820. DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...

CVSS 5.3, AI score 5.8, EPSS 0.20519
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2026/04/13 9:48 p.m., 2 views

Security Bulletin: Vulnerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty

Summary: Vulnerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty. Vulnerability Details: CVEID: CVE-2024-56339. DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass...

CVSS 7.5, AI score 5.9, EPSS 0.00132
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/13 9:46 p.m., 2 views

Security Bulletin: Vulnerability in IBM Spectrum Symphony with OpenSSL

Summary: Vulnerability in IBM Spectrum Symphony with OpenSSL. Vulnerability Details: CVEID: CVE-2024-13176. DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDS...

CVSS 4.1, AI score 5.8, EPSS 0.00075
Exploits: 0, Affected Software: 1

Cvelist
added 2026/04/13 5:11 p.m., 15 views

CVE-2025-3756 Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850

A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnerability by using a specially crafted 61850 packet, forcing the communication...

CVSS 7.1, EPSS 0.00027
Exploits: 0, References: 1

CVE
added 2026/04/13 5:11 p.m., 6 views

CVE-2025-3756

The vulnerability CVE-2025-3756 affects the IEC 61850 command handling in System 800xA products, specifically the PM 877, CI850, and CI868 modules, and impacts S+ Operations connectivity. A specially crafted IEC 61850 packet can force the affected interfaces into fault mode or render the S+ Opera...

CVSS 7.1, AI score 5.8, EPSS 0.00027
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/04/13 3:25 p.m., 2 views

Malicious code in symphony-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 043c1edf6e1236518709ec4cecd320367fba8de6f3b1ccc52038ada2c08abcb8 The package symphony-core was found to contain malicious code. Source: ghsa-malware 5c6f5ab5486f9ad46cd864ccf677494724eb5cddafcda7be2300f61dc5b2257a...

AI score 5.7
Exploits: 0, References: 1

OSV
added 2026/04/13 3:25 p.m., 1 view

MAL-2026-2608 Malicious code in symphony-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 043c1edf6e1236518709ec4cecd320367fba8de6f3b1ccc52038ada2c08abcb8 The package symphony-core was found to contain malicious code. Source: ghsa-malware 5c6f5ab5486f9ad46cd864ccf677494724eb5cddafcda7be2300f61dc5b2257a...

AI score 5.7
Exploits: 0, References: 1

Snyk
added 2026/04/13 3:25 p.m., 4 views

Malicious Package

Overview symphony-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

ICS
added 2026/04/13 12:30 a.m., 1 view

ABB Ability Symphony Plus Engineering

SUMMARY: ABB became aware of a vulnerability in the product versions listed as affected in the advisory. The ABB S+ Engineering product versions are affected by vulnerabilities in PostgreSQL version 13.11 and earlier versions. If an attacker gains access to a site’s S+ Client Server network, they...

AI score 8.4
Exploits: 0, References: 18

CNNVD
added 2026/04/13 12:0 a.m., 2 views

Security vulnerability in multiple ABB products

The ABB AC800M is a product of the Swiss company ABB. The ABB AC800M is a modular process controller designed for industrial automation systems. The ABB Symphony Plus SD Series consists of a series of control and I/O devices intended for industrial process control and distributed control systems...

CVSS 7.1, AI score 5.8, EPSS 0.00027
Exploits: 0, References: 1

Snyk
added 2026/01/27 2:25 a.m., 1 view

Malicious Package

Overview symphony-fairvis is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.9
Exploits: 0, References: 2

RedhatCVE
added 2026/01/09 12:27 p.m., 5 views

CVE-2018-12043

content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page...

CVSS 6.1, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/01/07 7:36 p.m., 9 views

Security Bulletin: IBM Spectrum Symphony with IBM WebSphere Application Server Liberty is vulnerable to a denial of service

Summary IBM Spectrum Symphony with IBM WebSphere Application Server Liberty is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions...

CVSS 7.5, AI score 6.5, EPSS 0.01278
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/01/07 7:36 p.m., 3 views

Security Bulletin: Vulnerability in IBM Spectrum Symphony with Spring WebMVC

Summary: Vulnerability in IBM Spectrum Symphony with Spring WebMVC. Vulnerability Details: CVEID: CVE-2025-41242. DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable whe...

CVSS 5.9, AI score 6.6, EPSS 0.05222
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/07 7:35 p.m., 4 views

Security Bulletin: Multiple vulnerabilities in IBM Spectrum Symphony with Bouncy Castle Java API

Summary: Multiple vulnerabilities in IBM Spectrum Symphony with Bouncy Castle Java TLS API. Vulnerability Details: CVEID: CVE-2025-8916. DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the...

CVSS 6.3, AI score 6.6, EPSS 0.00121
Exploits: 0, Affected Software: 1

RedhatCVE
added 2026/01/07 9:53 a.m., 3 views

CVE-2013-7346

Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559...

CVSS 6.8, AI score 8.3, EPSS 0.00628
Exploits: 4, References: 1

RedhatCVE
added 2025/12/24 10:29 p.m., 1 view

CVE-2025-12491

Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.5, AI score 7.2, EPSS 0.00339
Exploits: 0, References: 1

EUVD
added 2025/12/24 12:30 a.m., 1 view

EUVD-2025-204959

Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.5, AI score 5.7, EPSS 0.00339
Exploits: 0, References: 2

NVD
added 2025/12/23 10:15 p.m., 1 view

CVE-2025-12491

Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.5, EPSS 0.00339
Exploits: 0, References: 1

CVE
added 2025/12/23 9:43 p.m., 4 views

CVE-2025-12491

Senstar Symphony CVE-2025-12491 affects the FetchStoredLicense method. The issue is an information disclosure in the implementation, allowing remote attackers to disclose sensitive information (stored credentials) without authentication. The root cause is exposure of sensitive data in FetchStored...

CVSS 7.5, AI score 7.1, EPSS 0.00339
Exploits: 0, References: 1