SB2026031707 - Multiple vulnerabilities in IBM Knowledge Catalog Premium Cartridge
Published: March 17, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 52 secuirty vulnerabilities.
1) Security features bypass (CVE-ID: CVE-2024-56326)
The vulnerability allows a local user to bypass sandbox restrictions.
The vulnerability exists in the way the Jinja sandboxed environment detects calls to str.format. A local user with the ability to control the contents of a template can bypass sandbox restrictions.2) Inefficient regular expression complexity (CVE-ID: CVE-2025-5889)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
3) Improper Authorization (CVE-ID: CVE-2024-38821)
The vulnerability allows a remote attacker to bypass authorization.
The vulnerability exists due to improper implementation of authorization checks when accessing static resources in WebFlux application. A remote non-authenticated attacker can bypass authorization process and gain unauthorized access to the application.
4) Improper Authorization (CVE-ID: CVE-2024-38827)
The vulnerability allows a remote attacker to bypass authorization.
The vulnerability exists due to presence of Locale dependent exceptions when using String.toLowerCase() and String.toUpperCase() for string comparison. A remote attacker can bypass authorization rules using specially crafted input.
Note, the vulnerability is related to #VU98795 (CVE-2024-38820).
5) Input validation error (CVE-ID: CVE-2021-32796)
The vulnerability allows a remote attacker to compromsie the target system.
The vulnerability exists due to the affected software does not correctly escape special characters when serializing elements removed from their ancestor. A remote attacker can cause unexpected syntactic changes during XML processing in some downstream applications.
6) Input validation error (CVE-ID: CVE-2025-27516)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to sandbox breakout through attr filter selecting format method. A local user can execute arbitrary code on the system.
7) Cross-site scripting (CVE-ID: CVE-2024-57965)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
8) Use of insufficiently random values (CVE-ID: CVE-2025-22150)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to the application uses "Math.random()" from the fetch() function to choose the boundary for a "multipart/form-data" request. A remote attacker with ability to intercept traffic can tamper with the requests going to the backend APIs.
9) Input validation error (CVE-ID: CVE-2025-24970)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in SslHandler when using native SSLEngine. A remote attacker can send a specially crafted packet to the application and perform a denial of service (DoS) attack.
10) Insecure Temporary File (CVE-ID: CVE-2020-15250)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the application is using the test rule TemporaryFolder that stores sensitive information in temporary files in the system temporary directory, accessible by other system users. A local user can read temporary files and obtain sensitive information, related to the application.
11) Resource exhaustion (CVE-ID: CVE-2024-47554)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling untrusted input passed to the org.apache.commons.io.input.XmlStreamReader class. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
12) Security features bypass (CVE-ID: CVE-2024-56201)
The vulnerability allows a local user to bypass sandbox restrictions.
The vulnerability exists due to improper validation of user-supplied input. A local user with the ability to control both the filename and the contents of a template can bypass sandbox restrictions.
13) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2025-46653)
The vulnerability allows a remote user to modify data on the system.
The vulnerability exists due to Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure. A remote user can modify data on the system.
14) Resource management error (CVE-ID: CVE-2024-47535)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unsafe reading of an environment file on Windows. A local user can create an overly large file and perform a denial of service (DoS) attack.
15) Input validation error (CVE-ID: CVE-2024-38809)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ETags from "If-Match" or "If-None-Match" request headers. A remote attacker can send a specially crafted HTTP request to the application and perform a denial of service (DoS) attack.
16) Cross-site scripting (CVE-ID: CVE-2025-26791)
The disclosed vulnerability allows a remote attacker to perform mutation cross-site scripting (XSS) attacks.
The vulnerability exists due to DOMPurify has an incorrect template literal regular expression. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
17) Resource management error (CVE-ID: CVE-2024-57699)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a specially crafted JSON input. A remote attacker can pass a large number of ’{’ characters to the application and perform a denial of service (DoS) attack.
Note, the vulnerability exists due to incomplete fix for #VU75044 (CVE-2023-1370).
18) Uncontrolled Recursion (CVE-ID: CVE-2023-1370)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion when processing nested arrays and objects. A remote attacker can pass specially crafted JSON data to the application and perform a denial of service (DoS) attack.
19) Cross-site scripting (CVE-ID: CVE-2024-11831)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via URL. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
20) Input validation error (CVE-ID: CVE-2025-6547)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input as the application silently disregards Uint8Array input. A remote attacker can spoof signature.
21) Input validation error (CVE-ID: CVE-2025-6545)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to application silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algorithm strings. A remote attacker can perform a spoofing attack.
22) Deserialization of Untrusted Data (CVE-ID: CVE-2024-11393)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) Deserialization of Untrusted Data (CVE-ID: CVE-2024-11394)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Deserialization of Untrusted Data (CVE-ID: CVE-2024-11392)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
25) Inclusion of Functionality from Untrusted Control Sphere (CVE-ID: CVE-2025-27607)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). A remote attacker can trick the victim into opening a specially crafted data, trigger the vulnerability and execute arbitrary code on the target system.
26) Memory leak (CVE-ID: CVE-2025-47279)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due memory leak when handling invalid certificates. A remote attacker can force the application to leak memory and perform denial of service attack.
27) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-39338)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
28) Path traversal (CVE-ID: CVE-2024-38816)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Specifically, an application is vulnerable when both of the following are true:
- the web application uses
RouterFunctions</code> to serve static resources</li><li>resource handling is explicitly configured with a <code>FileSystemResourcelocation
29) Path traversal (CVE-ID: CVE-2024-38819)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in applications that serve static resources through the functional web frameworks WebMvc.fn or WebFlux.fn. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
30) Improper authentication (CVE-ID: CVE-2024-12797)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error when using RFC7250 Raw Public Keys (RPKs) to authenticate a server. TLS and DTLS connections using raw public keys are vulnerable to man-in-middle attacks when server authentication failure is not detected by clients.
Note, the vulnerability can be exploited only when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain.
31) Information Exposure Through an Error Message (CVE-ID: CVE-2025-49128)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability in jackson-core's `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array instead of the logical payload start. This results in possible information disclosure in systems using pooled or reused buffers, like Netty or Vert.x. A local user can gain unauthorized access to sensitive information on the system.
32) Path traversal (CVE-ID: CVE-2025-48050)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to scripts/server.js does not ensure that a pathname is located under the current working directory. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
33) Input validation error (CVE-ID: CVE-2020-13956)
The vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to insufficient validation of user-supplied input in Apache HttpClient. A remote attacker can pass request URIs to the library as java.net.URI object and force the application to pick the wrong target host for request execution.
34) Code Injection (CVE-ID: CVE-2025-1302)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode.
35) Input validation error (CVE-ID: CVE-2024-21534)
The vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can exploit the unsafe default usage of vm in Node and execute arbitrary code on the system.
36) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2025-27152)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
37) Inefficient regular expression complexity (CVE-ID: CVE-2024-52798)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.38) Inefficient regular expression complexity (CVE-ID: CVE-2024-45296)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
39) Improper Handling of Unexpected Data Type (CVE-ID: CVE-2025-7339)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can inadvertently modify response headers when an array is passed to `response.writeHead()`
40) Inefficient regular expression complexity (CVE-ID: CVE-2025-27789)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
41) Information disclosure (CVE-ID: CVE-2024-29025)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in HttpPostRequestDecoder. A remote attacker can gain unauthorized access to sensitive information on the system.
42) Buffer overflow (CVE-ID: CVE-2025-2148)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. A remote attacker can trick the victim into opening a specially crafted file to manipulate the argument None, leading to memory corruption.
43) Improper Initialization (CVE-ID: CVE-2025-2149)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the function nnq_Sigmoid of the component Quantized Sigmoid Module. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
44) Improper resource shutdown or release (CVE-ID: CVE-2025-3730)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
45) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-43859)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests in h11/_readers.py. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
46) Infinite loop (CVE-ID: CVE-2024-55565)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop. A remote user can consume all available system resources and cause denial of service conditions.
47) Improper resource shutdown or release (CVE-ID: CVE-2025-4287)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the function torch.cuda.nccl.reduce() of the file torch/cuda/nccl.py. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
48) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2024-6827)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to Gunicorn does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. A remote attacker can send a specially crafted HTTP request to the server and initiate cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.
49) Resource exhaustion (CVE-ID: CVE-2025-1948)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling HTTP/2 requests. A remote attacker can force the server to allocate a large amount of resources and perform a denial of service (DoS) attack.
50) Resource exhaustion (CVE-ID: CVE-2023-34462)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources if no idle timeout handler was configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.
51) Improper Certificate Validation (CVE-ID: CVE-2023-4586)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to the Hot Rod client does not enable hostname validation when using TLS. A remote attacker can perform MitM attack.
52) Uncontrolled Recursion (CVE-ID: CVE-2024-7254)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields. A remote attacker can pass specially crafted input to the application to create unbounded recursions and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.