SB2026031038 - Multiple vulnerabilities in IBM StreamSets Data Collector

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026031038

SB2026031038 - Multiple vulnerabilities in IBM StreamSets Data Collector

Published: March 10, 2026

Security Bulletin ID SB2026031038
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Improper validation of certificate with host mismatch (CVE-ID: CVE-2025-68161)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to the Socket Appender does not perform TLS hostname verification of the peer certificate, even when the "verifyHostName" configuration attribute or the "log4j2.sslVerifyHostName"  system property is set to true. A remote attacker can perform MitM attack and intercept or redirect the log traffic. 


2) Input validation error (CVE-ID: CVE-2025-11226)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when parsing configuration file. A remote attacker can trick the victim into using a specially crafted configuration file and execute arbitrary code on the system.

Successful exploitation of the vulnerability requires presence of Janino library and Spring Framework on the user's class path.


3) Code Injection (CVE-ID: CVE-2025-33042)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability occurs when generating specific records from untrusted Avro schemas. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.


Remediation

Install update from vendor's website.

References