Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-66675 (GCVE-0-2025-66675)
Vulnerability from cvelistv5 – Published: 2025-12-10 09:32 – Updated: 2025-12-10 14:53
VLAI
EPSS
Title
Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed
Summary
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.
This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.
Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
It's related to https://cve.org/CVERecord?id=CVE-2025-64775 - this CVE addresses missing affected version 6.7.4
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-459 - Incomplete Cleanup
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cwiki.apache.org/confluence/display/WW/S2-068 | vendor-advisory |
| https://cve.org/CVERecord?id=CVE-2025-64775 | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Struts |
Affected:
2.0.0 , ≤ 6.7.*
(semver)
Affected: 7.0.0 , ≤ 7.0.* (semver) |
Credits
Nicolas Fournier
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T14:52:50.294504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T14:53:13.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.struts:struts2-core",
"product": "Apache Struts",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "6.7.*",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nicolas Fournier"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDenial of Service vulnerability in Apache Struts, f\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eile leak in multipart request processing causes disk exhaustion.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.\u003cbr\u003e\u003cbr\u003eIt\u0027s related to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cve.org/CVERecord?id=CVE-2025-64775\"\u003ehttps://cve.org/CVERecord?id=CVE-2025-64775\u003c/a\u003e\u0026nbsp;- this CVE addresses missing affected version 6.7.4\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.\n\nIt\u0027s related to\u00a0 https://cve.org/CVERecord?id=CVE-2025-64775 \u00a0- this CVE addresses missing affected version 6.7.4"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T09:32:58.536Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cwiki.apache.org/confluence/display/WW/S2-068"
},
{
"tags": [
"related"
],
"url": "https://cve.org/CVERecord?id=CVE-2025-64775"
}
],
"source": {
"advisory": "S2-068",
"discovery": "UNKNOWN"
},
"title": "Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-66675",
"datePublished": "2025-12-10T09:32:58.536Z",
"dateReserved": "2025-12-07T08:25:45.422Z",
"dateUpdated": "2025-12-10T14:53:13.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-66675",
"date": "2026-06-17",
"epss": "0.00508",
"percentile": "0.39212"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-66675\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-12-10T10:16:02.170\",\"lastModified\":\"2025-12-16T18:39:51.930\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\\n\\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\\n\\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.\\n\\nIt\u0027s related to\u00a0 https://cve.org/CVERecord?id=CVE-2025-64775 \u00a0- this CVE addresses missing affected version 6.7.4\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.3.37\",\"matchCriteriaId\":\"AB32EC52-8599-4E6C-9F87-D2BC050A2531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndIncluding\":\"2.5.33\",\"matchCriteriaId\":\"52DA80BB-35F0-4290-902F-66D27FB9A98F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.8.0\",\"matchCriteriaId\":\"3F8EB632-F594-4D9D-917E-8D20FAAF46DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.1.1\",\"matchCriteriaId\":\"F5D73897-58B2-4229-A621-B651E4797241\"}]}]}],\"references\":[{\"url\":\"https://cve.org/CVERecord?id=CVE-2025-64775\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cwiki.apache.org/confluence/display/WW/S2-068\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66675\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-10T14:52:50.294504Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-10T14:53:10.267Z\"}}], \"cna\": {\"title\": \"Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed\", \"source\": {\"advisory\": \"S2-068\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Nicolas Fournier\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Struts\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.*\"}], \"packageName\": \"org.apache.struts:struts2-core\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://cwiki.apache.org/confluence/display/WW/S2-068\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://cve.org/CVERecord?id=CVE-2025-64775\", \"tags\": [\"related\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\\n\\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\\n\\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.\\n\\nIt\u0027s related to\\u00a0 https://cve.org/CVERecord?id=CVE-2025-64775 \\u00a0- this CVE addresses missing affected version 6.7.4\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDenial of Service vulnerability in Apache Struts, f\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eile leak in multipart request processing causes disk exhaustion.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.\u003cbr\u003e\u003cbr\u003eIt\u0027s related to\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://cve.org/CVERecord?id=CVE-2025-64775\\\"\u003ehttps://cve.org/CVERecord?id=CVE-2025-64775\u003c/a\u003e\u0026nbsp;- this CVE addresses missing affected version 6.7.4\u003c/span\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-459\", \"description\": \"CWE-459 Incomplete Cleanup\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-12-10T09:32:58.536Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-66675\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-10T14:53:13.391Z\", \"dateReserved\": \"2025-12-07T08:25:45.422Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-12-10T09:32:58.536Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0327
Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.1.x antérieures à 6.1.2.8 | ||
| IBM | Sterling | Sterling Control Center versions 6.4.2.x antérieures à 6.4.2.0 iFix01 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.2.2.x antérieures à 6.2.2.0_1 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 12.10.x antérieures à 12.10.xC16W6 | ||
| IBM | WebSphere | WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité PH69757 et PH69729 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.2.x antérieures à 6.2.0.5_2 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP15 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.12.x antérieures à 1.11.9.0 | ||
| IBM | Sterling | Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix07 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.10.x antérieures à 1.11.9.0 | ||
| IBM | Sterling | Sterling Control Center versions 6.4.1.x antérieures à 6.4.1.0 iFix01 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.2.1.x antérieures à 6.2.1.1_2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.8",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.2.x ant\u00e9rieures \u00e0 6.4.2.0 iFix01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.0_1",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 12.10.x ant\u00e9rieures \u00e0 12.10.xC16W6",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 PH69757 et PH69729",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.5_2",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP15",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.11.9.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix07",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.11.9.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.1.x ant\u00e9rieures \u00e0 6.4.1.0 iFix01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.1_2",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"name": "CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2025-68349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68349"
},
{
"name": "CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
},
{
"name": "CVE-2025-14242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14242"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2025-39933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39933"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2025-38022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38022"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2025-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40322"
},
{
"name": "CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"name": "CVE-2025-40271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40271"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2022-50673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50673"
},
{
"name": "CVE-2025-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2025-6545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
},
{
"name": "CVE-2025-40269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40269"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2025-4897",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4897"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2023-53552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53552"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-57350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57350"
},
{
"name": "CVE-2025-66453",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66453"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2025-40158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40158"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"name": "CVE-2025-59250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2025-64775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64775"
},
{
"name": "CVE-2025-39760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39760"
},
{
"name": "CVE-2025-40135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40135"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38403"
},
{
"name": "CVE-2025-14031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14031"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"name": "CVE-2022-50865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50865"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"name": "CVE-2025-40170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40170"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2026-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1264"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-66675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66675"
},
{
"name": "CVE-2025-68301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68301"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2026-22998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22998"
},
{
"name": "CVE-2025-40258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
},
{
"name": "CVE-2025-6547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6547"
},
{
"name": "CVE-2025-40096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
},
{
"name": "CVE-2025-57352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57352"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0327",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266518",
"url": "https://www.ibm.com/support/pages/node/7266518"
},
{
"published_at": "2026-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7263574",
"url": "https://www.ibm.com/support/pages/node/7263574"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266520",
"url": "https://www.ibm.com/support/pages/node/7266520"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266678",
"url": "https://www.ibm.com/support/pages/node/7266678"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266497",
"url": "https://www.ibm.com/support/pages/node/7266497"
},
{
"published_at": "2026-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266324",
"url": "https://www.ibm.com/support/pages/node/7266324"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266711",
"url": "https://www.ibm.com/support/pages/node/7266711"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266677",
"url": "https://www.ibm.com/support/pages/node/7266677"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266399",
"url": "https://www.ibm.com/support/pages/node/7266399"
},
{
"published_at": "2026-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266321",
"url": "https://www.ibm.com/support/pages/node/7266321"
}
]
}
FKIE_CVE-2025-66675
Vulnerability from fkie_nvd - Published: 2025-12-10 10:16 - Updated: 2026-06-17 09:57
Severity
Summary
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.
This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.
Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
It's related to https://cve.org/CVERecord?id=CVE-2025-64775 - this CVE addresses missing affected version 6.7.4
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://cve.org/CVERecord?id=CVE-2025-64775 | Third Party Advisory | |
| security@apache.org | https://cwiki.apache.org/confluence/display/WW/S2-068 | Vendor Advisory |
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.struts:struts2-core",
"product": "Apache Struts",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "6.7.*",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"source": "security@apache.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB32EC52-8599-4E6C-9F87-D2BC050A2531",
"versionEndIncluding": "2.3.37",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52DA80BB-35F0-4290-902F-66D27FB9A98F",
"versionEndIncluding": "2.5.33",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8EB632-F594-4D9D-917E-8D20FAAF46DB",
"versionEndExcluding": "6.8.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D73897-58B2-4229-A621-B651E4797241",
"versionEndExcluding": "7.1.1",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.\n\nIt\u0027s related to\u00a0 https://cve.org/CVERecord?id=CVE-2025-64775 \u00a0- this CVE addresses missing affected version 6.7.4"
}
],
"id": "CVE-2025-66675",
"lastModified": "2026-06-17T09:57:09.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2025-66675",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T14:52:50.294504Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-12-10T10:16:02.170",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.org/CVERecord?id=CVE-2025-64775"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cwiki.apache.org/confluence/display/WW/S2-068"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
GHSA-RG58-XHH7-MQJW
Vulnerability from github – Published: 2025-12-10 12:31 – Updated: 2025-12-10 17:21
VLAI
Summary
Apache Struts has a Denial of Service vulnerability
Details
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.
This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.
Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
Severity
8.2 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "6.8.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66675"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-10T17:21:39Z",
"nvd_published_at": "2025-12-10T10:16:02Z",
"severity": "HIGH"
},
"details": "Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.",
"id": "GHSA-rg58-xhh7-mqjw",
"modified": "2025-12-10T17:21:39Z",
"published": "2025-12-10T12:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66675"
},
{
"type": "WEB",
"url": "https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468"
},
{
"type": "WEB",
"url": "https://cve.org/CVERecord?id=CVE-2025-64775"
},
{
"type": "WEB",
"url": "https://cwiki.apache.org/confluence/display/WW/S2-068"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/struts"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Struts has a Denial of Service vulnerability"
}
WID-SEC-W-2025-2704
Vulnerability from csaf_certbund - Published: 2025-12-01 23:00 - Updated: 2026-03-17 23:00Summary
Apache Struts: Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Struts ist ein Framework für Java-Anwendungen auf dem Webserver Apache.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Struts ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Windows
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Netcool/OMNIbus 8.1.0
IBM / Tivoli Netcool/OMNIbus
|
cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0
|
8.1.0 | |
|
Apache Struts <7.1.1
Apache / Struts
|
<7.1.1 | ||
|
Atlassian Bamboo <10.2.16 (LTS)
Atlassian / Bamboo
|
<10.2.16 (LTS) | ||
|
Apache Struts <6.8.0
Apache / Struts
|
<6.8.0 | ||
|
Atlassian Bamboo <9.6.24 (LTS)
Atlassian / Bamboo
|
<9.6.24 (LTS) | ||
|
Atlassian Bamboo <12.1.3 (LTS)
Atlassian / Bamboo
|
<12.1.3 (LTS) | ||
|
Apache Struts 2.0.0-6.7.4
Apache / Struts
|
cpe:/a:apache:struts:2.0.0_-_6.7.4
|
2.0.0-6.7.4 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Netcool/OMNIbus 8.1.0
IBM / Tivoli Netcool/OMNIbus
|
cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0
|
8.1.0 | |
|
Apache Struts <7.1.1
Apache / Struts
|
<7.1.1 | ||
|
Atlassian Bamboo <10.2.16 (LTS)
Atlassian / Bamboo
|
<10.2.16 (LTS) | ||
|
Apache Struts <6.8.0
Apache / Struts
|
<6.8.0 | ||
|
Atlassian Bamboo <9.6.24 (LTS)
Atlassian / Bamboo
|
<9.6.24 (LTS) | ||
|
Atlassian Bamboo <12.1.3 (LTS)
Atlassian / Bamboo
|
<12.1.3 (LTS) | ||
|
Apache Struts 2.0.0-6.7.4
Apache / Struts
|
cpe:/a:apache:struts:2.0.0_-_6.7.4
|
2.0.0-6.7.4 |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Struts ist ein Framework f\u00fcr Java-Anwendungen auf dem Webserver Apache.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Struts ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2704 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2704.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2704 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2704"
},
{
"category": "external",
"summary": "Apache Struts Security Bulletin S2-068 vom 2025-12-01",
"url": "https://cwiki.apache.org/confluence/display/WW/S2-068"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2418059 vom 2025-12-01",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418059"
},
{
"category": "external",
"summary": "Seclists Mailing vom 2025-12-01",
"url": "https://seclists.org/oss-sec/2025/q4/219"
},
{
"category": "external",
"summary": "CVE-2025-66675 vom 2025-12-09",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66675"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7261892 vom 2026-02-26",
"url": "https://www.ibm.com/support/pages/node/7261892"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - March 17 2026",
"url": "https://confluence.atlassian.com/security/security-bulletin-march-17-2026-1721271371.html"
}
],
"source_lang": "en-US",
"title": "Apache Struts: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2026-03-17T23:00:00.000+00:00",
"generator": {
"date": "2026-03-18T12:13:03.972+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2704",
"initial_release_date": "2025-12-01T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-01T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "2",
"summary": "CVE-2025-66675 und weitere betroffene Versionen erg\u00e4nzt"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2025-202417"
},
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-17T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.8.0",
"product": {
"name": "Apache Struts \u003c6.8.0",
"product_id": "T048981"
}
},
{
"category": "product_version",
"name": "6.8.0",
"product": {
"name": "Apache Struts 6.8.0",
"product_id": "T048981-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:struts:6.8.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.1.1",
"product": {
"name": "Apache Struts \u003c7.1.1",
"product_id": "T048982"
}
},
{
"category": "product_version",
"name": "7.1.1",
"product": {
"name": "Apache Struts 7.1.1",
"product_id": "T048982-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:struts:7.1.1"
}
}
},
{
"category": "product_version",
"name": "2.0.0-6.7.4",
"product": {
"name": "Apache Struts 2.0.0-6.7.4",
"product_id": "T049313",
"product_identification_helper": {
"cpe": "cpe:/a:apache:struts:2.0.0_-_6.7.4"
}
}
}
],
"category": "product_name",
"name": "Struts"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.1.3 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c12.1.3 (LTS)",
"product_id": "T051830"
}
},
{
"category": "product_version",
"name": "12.1.3 (LTS)",
"product": {
"name": "Atlassian Bamboo 12.1.3 (LTS)",
"product_id": "T051830-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:12.1.3_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.16 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c10.2.16 (LTS)",
"product_id": "T051831"
}
},
{
"category": "product_version",
"name": "10.2.16 (LTS)",
"product": {
"name": "Atlassian Bamboo 10.2.16 (LTS)",
"product_id": "T051831-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.16_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.24 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c9.6.24 (LTS)",
"product_id": "T051832"
}
},
{
"category": "product_version",
"name": "9.6.24 (LTS)",
"product": {
"name": "Atlassian Bamboo 9.6.24 (LTS)",
"product_id": "T051832-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.24_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.1.0",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus 8.1.0",
"product_id": "700367",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0"
}
}
}
],
"category": "product_name",
"name": "Tivoli Netcool/OMNIbus"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64775",
"product_status": {
"known_affected": [
"700367",
"T048982",
"T051831",
"T048981",
"T051832",
"T051830",
"T049313"
]
},
"release_date": "2025-12-01T23:00:00.000+00:00",
"title": "CVE-2025-64775"
},
{
"cve": "CVE-2025-66675",
"product_status": {
"known_affected": [
"700367",
"T048982",
"T051831",
"T048981",
"T051832",
"T051830",
"T049313"
]
},
"release_date": "2025-12-01T23:00:00.000+00:00",
"title": "CVE-2025-66675"
}
]
}
WID-SEC-W-2026-0783
Vulnerability from csaf_certbund - Published: 2026-03-18 23:00 - Updated: 2026-03-18 23:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuführen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuführen, um einen Cross-Site Scripting Angriff durchzuführen, und um Dateien zu manipulieren.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuf\u00fchren, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, und um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0783 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0783.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0783 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0783"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7266709 vom 2026-03-18",
"url": "https://www.ibm.com/support/pages/node/7266709"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7266711 vom 2026-03-18",
"url": "https://www.ibm.com/support/pages/node/7266711"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-18T23:00:00.000+00:00",
"generator": {
"date": "2026-03-19T10:08:04.786+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0783",
"initial_release_date": "2026-03-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP15",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP15",
"product_id": "T051890"
}
},
{
"category": "product_version",
"name": "7.5.0 UP15",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP15",
"product_id": "T051890-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up15"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-46337",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2022-46337"
},
{
"cve": "CVE-2022-50673",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2022-50673"
},
{
"cve": "CVE-2022-50865",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2022-50865"
},
{
"cve": "CVE-2023-44483",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2023-44483"
},
{
"cve": "CVE-2023-53552",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2024-26766",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2024-26766"
},
{
"cve": "CVE-2025-12084",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-12084"
},
{
"cve": "CVE-2025-14104",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-14104"
},
{
"cve": "CVE-2025-14242",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-14242"
},
{
"cve": "CVE-2025-15366",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15366"
},
{
"cve": "CVE-2025-15367",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15367"
},
{
"cve": "CVE-2025-23184",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-27533",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-38022",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38022"
},
{
"cve": "CVE-2025-38024",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38024"
},
{
"cve": "CVE-2025-38051",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38051"
},
{
"cve": "CVE-2025-38403",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38403"
},
{
"cve": "CVE-2025-38415",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38415"
},
{
"cve": "CVE-2025-38459",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38459"
},
{
"cve": "CVE-2025-39760",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-39760"
},
{
"cve": "CVE-2025-39933",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-39933"
},
{
"cve": "CVE-2025-40096",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40135",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40135"
},
{
"cve": "CVE-2025-40158",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40158"
},
{
"cve": "CVE-2025-40170",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40170"
},
{
"cve": "CVE-2025-40258",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40269",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40269"
},
{
"cve": "CVE-2025-40271",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40271"
},
{
"cve": "CVE-2025-40322",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40322"
},
{
"cve": "CVE-2025-48913",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-48913"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-4897",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-4897"
},
{
"cve": "CVE-2025-5372",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-5372"
},
{
"cve": "CVE-2025-53905",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-53905"
},
{
"cve": "CVE-2025-53906",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-53906"
},
{
"cve": "CVE-2025-58457",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-58457"
},
{
"cve": "CVE-2025-6176",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-6176"
},
{
"cve": "CVE-2025-64775",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-64775"
},
{
"cve": "CVE-2025-66418",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-66453",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66453"
},
{
"cve": "CVE-2025-66471",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66471"
},
{
"cve": "CVE-2025-66675",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66675"
},
{
"cve": "CVE-2025-68301",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-68301"
},
{
"cve": "CVE-2025-68349",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-68349"
},
{
"cve": "CVE-2025-8916",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9086",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2026-0865",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-0865"
},
{
"cve": "CVE-2026-1188",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-1188"
},
{
"cve": "CVE-2026-1299",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-1299"
},
{
"cve": "CVE-2026-21441",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-21441"
},
{
"cve": "CVE-2026-21925",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-21945"
},
{
"cve": "CVE-2026-22998",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-22998"
},
{
"cve": "CVE-2025-13995",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-13995"
},
{
"cve": "CVE-2025-36051",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-36051"
},
{
"cve": "CVE-2025-15051",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15051"
},
{
"cve": "CVE-2026-1276",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-1276"
}
]
}
WID-SEC-W-2026-1032
Vulnerability from csaf_certbund - Published: 2026-04-08 22:00 - Updated: 2026-06-07 22:00Summary
IBM Tivoli Network Manager: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, und um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <4.2.0.24
IBM / Tivoli Network Manager
|
IP Edition <4.2.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Storage Scale <6.0.1.0
IBM / Storage Scale
|
<6.0.1.0 | ||
|
IBM Storage Scale <5.2.3.8
IBM / Storage Scale
|
<5.2.3.8 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1032 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1032.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1032 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1032"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268900 vom 2026-04-08",
"url": "https://www.ibm.com/support/pages/node/7268900"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8509 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8509"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14276 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:14276"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14272 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:14272"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7275270 vom 2026-06-05",
"url": "https://www.ibm.com/support/pages/node/7275270"
}
],
"source_lang": "en-US",
"title": "IBM Tivoli Network Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-07T22:00:00.000+00:00",
"generator": {
"date": "2026-06-08T09:28:17.276+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1032",
"initial_release_date": "2026-04-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-16T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-07T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.2.3.8",
"product": {
"name": "IBM Storage Scale \u003c5.2.3.8",
"product_id": "T055027"
}
},
{
"category": "product_version",
"name": "5.2.3.8",
"product": {
"name": "IBM Storage Scale 5.2.3.8",
"product_id": "T055027-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:5.2.3.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.0.1.0",
"product": {
"name": "IBM Storage Scale \u003c6.0.1.0",
"product_id": "T055028"
}
},
{
"category": "product_version",
"name": "6.0.1.0",
"product": {
"name": "IBM Storage Scale 6.0.1.0",
"product_id": "T055028-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:6.0.1.0"
}
}
}
],
"category": "product_name",
"name": "Storage Scale"
},
{
"branches": [
{
"category": "product_version_range",
"name": "IP Edition \u003c4.2.0.24",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c4.2.0.24",
"product_id": "T052592"
}
},
{
"category": "product_version",
"name": "IP Edition 4.2.0.24",
"product": {
"name": "IBM Tivoli Network Manager IP Edition 4.2.0.24",
"product_id": "T052592-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.2.0.24"
}
}
}
],
"category": "product_name",
"name": "Tivoli Network Manager"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2025-11226",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-11226"
},
{
"cve": "CVE-2025-40918",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-40918"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-53864",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-55163",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-64775",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-64775"
},
{
"cve": "CVE-2025-66675",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-66675"
},
{
"cve": "CVE-2025-68161",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-1225",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-1225"
},
{
"cve": "CVE-2026-21925",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-21945"
},
{
"cve": "CVE-2026-24281",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-24281"
},
{
"cve": "CVE-2026-24308",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-24308"
},
{
"cve": "CVE-2026-27171",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-27171"
},
{
"cve": "CVE-2026-3381",
"product_status": {
"known_affected": [
"T052592",
"67646",
"T055028",
"T055027"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-3381"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…