9 matches found

IBM Security Bulletins
added 2026/04/29 9:8 a.m., 3 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Velocity

Summary: A vulnerability has been identified in the Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details: CVEID: CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run...

CVSS: 9, AI score: 7.1, EPSS: 0.22709
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/20 9:3 p.m., 3 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache-Velocity library

Summary: Vulnerabilities have been identified in the Apache-Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Test Management. Vulnerability Details: CVEID: CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java cod...

CVSS: 9, AI score: 6.1, EPSS: 0.22709
Exploits: 0, Affected Software: 1

NVD
added 2026/04/13 4:16 p.m., 2 views

CVE-2025-31991

Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...

CVSS: 6.8, EPSS: 0.00193
Exploits: 0, References: 1

RedhatCVE
added 2026/02/08 7:13 a.m., 6 views

CVE-2025-31990

Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability ...

CVSS: 6.8, AI score: 5.5, EPSS: 0.00251
Exploits: 0, References: 1

vulnersOsv
added 2022/01/06 8:32 p.m., 2 views

ai.chronon:flink_2.12 (>=0.0.62 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:online_2.12 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +7202 more potentially affected by CVE-2020-13936 via org.apache.velocity:velocity (>=1.5 <=1.7)

org.apache.velocity:velocity MAVEN version =1.5, =0.0.62, =0.0.25, =0.0.25, =0.0.86, =0.0.86, =0.0.8, =0.0.6, =4.5.0, =4.6.0 and more Source cves: CVE-2020-13936 Source advisory: OSV:GHSA-59J4-WJWP-MW9M...

CVSS: 9, AI score: 6.7, EPSS: 0.22709
Exploits: 0

RedHat Linux
added 2021/11/23 10:34 a.m., 0 views

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS: 9, AI score: 7.2, EPSS: 0.22709
Exploits: 0, References: 4

RedHat Linux
added 2021/05/19 3:26 p.m., 0 views

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS: 9, AI score: 7.2, EPSS: 0.22709
Exploits: 0, References: 4

CNNVD
added 2021/03/10 12:0 a.m., 2 views

Iteris Apache Velocity cross-site scripting vulnerability

Iteris Apache Velocity is a software application from the United States Iteris. It is used to create and maintain open source software features related to the Apache Velocity Engine. A security vulnerability exists in Apache Velocity 3.1, which can be exploited by an attacker to steal a session...

CVSS: 6.1, AI score: 6.9, EPSS: 0.06357
Exploits: 0, References: 15

myhack58
added 2011/09/01 12:0 a.m., 14 views

VELOCITY local code execution vulnerability - vulnerability warning - the black bar safety net

By emptiness prodigal heart. Velocity is the presentation-layer template most commonly used in J2EE MVC architectures; because of its excellent performance, a great many J2EE applications use it. In use it is usually bound to another framework, the most common being struts2,...

AI score: 0.2
Exploits: 0