SB2025063009 - Multiple vulnerabilities in IBM Cloud Pak for AIOps
Published: June 30, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 69 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2024-56827)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the opj_j2k_add_tlmarker() function in src/lib/openjp2/j2k.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Untrusted search path (CVE-ID: CVE-2025-24789)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version, when EXTERNALBROWSER authentication method is used on Windows.
3) Configuration (CVE-ID: CVE-2025-27820)
The issue may allow a remote attacker to bypass security restrictions.
The issue exists due to an error in PSL validation logic that disables domain checks, affecting cookie management and host name verification. A remote attacker can gain unauthorized access to sensitive information.
4) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2024-3596)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in RADIUS Protocol. A remote user can perform a man-in-the-middle (MitM) attack and gain access to target system.
5) Resource exhaustion (CVE-ID: CVE-2024-11187)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling DNS zones with numerous records in the Additional section. A remote attacker can trigger resource exhaustion by sending multiple queries to he affected server and perform a denial of service (DoS) attack.
6) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2025-27496)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands when the logging level was set to DEBUG. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. A local user can read the log files and gain access to sensitive data.
7) Resource exhaustion (CVE-ID: CVE-2024-9823)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the DoSFilter. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
8) Heap-based buffer overflow (CVE-ID: CVE-2024-56826)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Input validation error (CVE-ID: CVE-2025-27219)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CGI::Cookie.parse. A remote attacker can send a specially crafted HTTP request to the application and perform a denial of service (DoS) attack.
10) Asymmetric Resource Consumption (Amplification) (CVE-ID: CVE-2025-25186)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
11) Use-after-free (CVE-ID: CVE-2024-25062)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in xmlValidatePopElement when using the XML Reader interface with DTD validation and XInclude expansion enabled. A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
12) Use-after-free (CVE-ID: CVE-2024-55549)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in xsltGetInheritedNsList. A remote attacker can pass specially crafted input to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
13) Resource exhaustion (CVE-ID: CVE-2024-43709)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can send a specially crafted query using an SQL function, trigger resource exhaustion and perform a denial of service (DoS) attack.
14) Resource exhaustion (CVE-ID: CVE-2025-1948)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling HTTP/2 requests. A remote attacker can force the server to allocate a large amount of resources and perform a denial of service (DoS) attack.
15) Uncontrolled Recursion (CVE-ID: CVE-2024-52981)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion when using the Well-KnownText formatted string with nested GeometryCollection objects. A remote user can perform a denial of service attack.
16) Improper resource shutdown or release (CVE-ID: CVE-2024-13009)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in GzipHandler when handling certain URL paths. A remote attacker can send a specially crafted HTTP request to the affected server and force it to reveal a part of the request body in a separate request.
17) Stack-based buffer overflow (CVE-ID: CVE-2024-8176)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling XML content. A remote attacker can pass specially crafted XML content to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Path traversal (CVE-ID: CVE-2024-12088)
The vulnerability allows a remote server to write files to arbitrary locations on the system.
19) Out-of-bounds write (CVE-ID: CVE-2019-12900)
20) Resource management error (CVE-ID: CVE-2024-57699)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a specially crafted JSON input. A remote attacker can pass a large number of ’{’ characters to the application and perform a denial of service (DoS) attack.
Note, the vulnerability exists due to incomplete fix for #VU75044 (CVE-2023-1370).
21) Input validation error (CVE-ID: CVE-2024-50602)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the XML_ResumeParser function. A remote attacker can pass specially crafted XML input to the application and perform a denial of service (DoS) attack.
22) Cross-site scripting (CVE-ID: CVE-2025-32379)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
23) Race condition (CVE-ID: CVE-2024-12747)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition when handling symbolic links. A local user can replace a file with a symbolic link, bypass implemented protection in rsync that prevents software from following symbolic links and read contents of arbitrary files on the system with elevated privileges.
24) Path traversal (CVE-ID: CVE-2024-12087)
The vulnerability allows a remote server to write files to arbitrary locations on the system.
The vulnerability exists due to input validation error when using "--inc-recursive" option. A remote attacker can can trick the victim into connecting to a rouge rsync server and write arbitrary files to arbitrary locations on the client system.
25) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-23445)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions on the API key for the cross-cluster search. If a cross-cluster API key restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned. A remote user can gain access to potentially sensitive information.
26) Insecure Storage of Sensitive Information (CVE-ID: CVE-2024-10041)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores secrets in memory in plain text. A local user can read the memory and obtain passwords in plain text when PAM is used to perform authentication.
27) Path traversal (CVE-ID: CVE-2025-27553)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing double dots, e.g. ".." in file names. A remote attacker can view files outside of the current scope.
28) NULL pointer dereference (CVE-ID: CVE-2024-26130)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
29) Input validation error (CVE-ID: CVE-2023-29483)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Tudoor mechanism. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
30) Resource management error (CVE-ID: CVE-2024-47535)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unsafe reading of an environment file on Windows. A local user can create an overly large file and perform a denial of service (DoS) attack.
31) Link following (CVE-ID: CVE-2025-0377)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability occurs when a non-existing user-provided path is extracted from the tar entry. A remote attacker can gain unauthorized access to sensitive information on the system.
32) Improper Encoding or Escaping of Output (CVE-ID: CVE-2024-52005)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when handling ANSI escape sequences in messages passed via sideband channel. A remote attacker can pass specially crafted messages to the terminal and potentially execute untrusted scripts.
33) Information disclosure (CVE-ID: CVE-2025-30474)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in the FtpFileObject class, that can expose passwords in clear text. A remote attacker can gain unauthorized access to sensitive information.
34) Resource exhaustion (CVE-ID: CVE-2024-52980)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can use the innerForbidCircularReferences function of the PatternBank class to cause the Elasticsearch node to crash.
35) Cryptographic issues (CVE-ID: CVE-2025-47278)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to the way fallback key configuration was handled. The application used the last fallback key for signing, rather than the current signing key, which could potentially lead to data tampering.
36) Information disclosure (CVE-ID: CVE-2024-45336)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the HTTP client will send Authorization header to a third-party domain after a chain of redirects. A remote attacker can gain unauthorized access to credentials.
37) Type Confusion (CVE-ID: CVE-2024-6119)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error when performing certificate name checks. A remote attacker can supply a specially crafted X.509 certificate to the server, trigger a type confusion error and perform a denial of service (DoS) attack.
38) Resource exhaustion (CVE-ID: CVE-2024-53981)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application generates excessive log entries when parsing form data. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
39) Incorrect default permissions (CVE-ID: CVE-2025-24790)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file when temporary credential caching is enabled. A local user with access to the system can view contents of files and directories or modify them.
40) Information disclosure (CVE-ID: CVE-2025-31492)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote authenticated user can send a specially crafted HTTP POST request and can gain unauthorized access to sensitive information.
41) Out-of-bounds read (CVE-ID: CVE-2020-13790)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. A remote attacker can perform a denial of service attack.
42) OS Command Injection (CVE-ID: CVE-2024-9287)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper input validation in the venv module when creating a virtual environment. A local user can pass specially crafted strings to the application and execute arbitrary OS commands on the target system.
43) Resource exhaustion (CVE-ID: CVE-2024-45338)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in several Parse functions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
44) Insufficient verification of data authenticity (CVE-ID: CVE-2024-25638)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper response validation when handling DNS queries. Records in DNS replies are not checked for their relevance to the query,
allowing an attacker to respond with RRs from different zones. A remote attacker can bypass DNSSEC restrictions.
45) Buffer overflow (CVE-ID: CVE-2025-0395)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when the assert() function fails. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.
46) Memory corruption (CVE-ID: CVE-2017-9047)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the xmlSnprintfElementContent function of XMLSoft libxml2 due to improper memory handling by the valid.c source code. A remote attacker can send a specially crafted XML file, trigger memory corruption and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
47) Stack-based buffer overflow (CVE-ID: CVE-2025-24928)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xmlSnprintfElements() function in valid.c. A remote attacker can pass specially crafted XML data to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
48) Use-after-free (CVE-ID: CVE-2024-56171)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the xmlSchemaIDCFillNodeTables() and xmlSchemaBubbleIDCNodeTables() functions in xmlschemas.c. A remote attacker can pass specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
49) Use-after-free (CVE-ID: CVE-2025-31498)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the read_answers() function. A remote attacker can send specially crafted ICMP UNREACHABLE packets to the application, trigger a use-after-free error and execute arbitrary code on the system.
50) Resource exhaustion (CVE-ID: CVE-2025-46727)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
51) Security features bypass (CVE-ID: CVE-2024-35195)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the session object does not verify requests after making first request with verify=False. A local administrator can bypass authentication.
52) Cross-site scripting (CVE-ID: CVE-2025-26791)
The disclosed vulnerability allows a remote attacker to perform mutation cross-site scripting (XSS) attacks.
The vulnerability exists due to DOMPurify has an incorrect template literal regular expression. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
53) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2024-23953)
The vulnerability allows a remote user to modify data on the system.
The vulnerability occurs when an application doesn’t use a constant-time algorithm for validating a signature. A remote user can use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures and forge a valid signature for an arbitrary message byte by byte.
54) Denial of service (CVE-ID: CVE-2016-9840)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in zlib due to out-of-bounds pointer arithmetic in inftrees.c. A remote attacker can send a specially crafted document, trick the victim into opening it, and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
55) Resource exhaustion (CVE-ID: CVE-2024-34155)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to go/parser does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
56) Stack-based buffer overflow (CVE-ID: CVE-2025-32387)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can craft a JSON Schema file within a chart with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow.
57) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-32386)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). A remote attacker can trick the victim into opening this specially crafted chart to cause memory exhaustion and the application to be terminated.
58) Improper input validation (CVE-ID: CVE-2024-43382)
The vulnerability allows a remote privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the XML Services (Snowflake JDBC) component in Oracle BI Publisher. A remote privileged user can exploit this vulnerability to read and manipulate data.
59) Resource management error (CVE-ID: CVE-2024-23450)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing a document in a deeply nested pipeline on an ingest node. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
60) Cleartext storage of sensitive information (CVE-ID: CVE-2024-23444)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists within the new Certificate Signing Requests when elasticsearch-certutil CLI tool is used with the csr option in order to create a new request. The associated private key that is generated is stored on disk
unencrypted even if the --pass parameter is passed in the command
invocation. A local user with access to the system can obtain the key.
61) Resource exhaustion (CVE-ID: CVE-2024-47554)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling untrusted input passed to the org.apache.commons.io.input.XmlStreamReader class. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
62) Improper authentication (CVE-ID: CVE-2024-10963)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in pam_access module where certain rules in its configuration file are mistakenly treated as hostnames. A remote attacker can bypass authentication process and gain unauthorized access to the system.
63) Incorrect permission assignment for critical resource (CVE-ID: CVE-2024-29869)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. A local user with access to the directory can read the sensitive information written into this file.
64) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2025-29774)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to authentication bypass. A remote unauthenticated attacker can exploit a vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents by modifying a valid signed XML message in a way that still passes signature verification checks.
65) Race condition (CVE-ID: CVE-2025-32441)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists because when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session. A remote user can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout.
66) Integer overflow (CVE-ID: CVE-2023-36478)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in MetaDataBuilder.checkSize when handling HTTP/2 HPACK header values. A remote attacker can send specially crafted request to the server, trigger an integer overflow and crash the server.
67) Resource exhaustion (CVE-ID: CVE-2024-3651)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.
68) Code Injection (CVE-ID: CVE-2024-29409)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote user can send a specially crafted request and execute arbitrary code via the Content-Type header on the target system.
69) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2025-29775)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to authentication or authorization bypass in systems that rely on xml-crypto for verifying signed XML documents. A remote attacker can bypass authentication or authorization mechanisms and modify a valid signed XML message in a way that still passes signature verification checks.
Remediation
Install update from vendor's website.