SB2026031308 - Multiple vulnerabilities in IBM Event Streams

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026031308

SB2026031308 - Multiple vulnerabilities in IBM Event Streams

Published: March 13, 2026

Security Bulletin ID SB2026031308
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 75% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Prototype pollution (CVE-ID: CVE-2025-64718)

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution attacks.


2) Resource exhaustion (CVE-ID: CVE-2025-15284)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the arrayLimit option does not enforce limits for bracket notation (a[]=1&a[]=2). A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


3) Improper verification of cryptographic signature (CVE-ID: CVE-2025-65945)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to improper signature verification under specific conditions when using the HS256 algorithm within the jws.createVerify() function. A remote attacker can manipulate header or payload in the HMAC secret lookup routines and bypass authorization checks. 


4) Link following (CVE-ID: CVE-2025-54798)

The vulnerability allows a local user to modify data on the system.

The vulnerability exists due to an insecure link following issue. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.


Remediation

Install update from vendor's website.

References