88 matches found
Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.
Summary: spring-boot-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40973, CVE-2026-40975, CVE-2026-40977. Vulnerability Details: CVEID: CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the directory used by...
CVE-2026-40994
Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...
CVE-2026-41000
The CVE-2026-41000 issue affects Spring Web Services where Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. This undermines protections against replay of UsernameToken nonces and creation timestamps, as well as Time...
EUVD-2026-36206
Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS1 v1.5 rsa-15 encrypted key material unless operators explicitly reconfigured the flag...
Insecure Defaults
Overview: Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcement(true) and disables WSS4J's...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability (CVE-2026-9319)
Summary: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a remote code execution vulnerability (CVE-2026-9319)
Summary: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section Affected...
EUVD-2026-33737
IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...
CVE-2026-9319 IBM WebSphere Application Server is affected by a remote code execution vulnerability
IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...
IBM WebSphere Application Server Code Issue Vulnerability
IBM WebSphere Application Server is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications and forms the foundation of the IBM WebSphere software suite. Versions 9.0 and 8.5 of IBM WebSphere Application Server contained code vulnerabilitie...
EUVD-2026-13486
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: REST WebServices and Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable...
EUVD-2008-2545
Malware in sbrugna...
EUVD-2008-5391
Malware in sbrugna...
EUVD-2009-0888
Malware in sbrugna...
EUVD-2011-1384
Malware in sbrugna...
EUVD-2020-23250
Malware in sbrugna...
EUVD-2008-4659
Malware in sbrugna...
EUVD-2010-0812
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-13574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial o...
CVE-2011-3568
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services Security...