SB2026051435 - Multiple vulnerabilities in IBM Watson Knowledge Catalog on-prem
Published: May 14, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 35 vulnerabilities.
1) Memory leak (CVE-ID: CVE-2025-47279)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due memory leak when handling invalid certificates. A remote attacker can force the application to leak memory and perform denial of service attack.
2) Improper input validation (CVE-ID: CVE-2025-30698)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
3) Inefficient regular expression complexity (CVE-ID: CVE-2025-5889)
CWE-ID: CWE-1333 - Inefficient Regular Expression Complexity
CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
4) Uncontrolled Recursion (CVE-ID: CVE-2025-4565)
CWE-ID: CWE-674 - Uncontrolled Recursion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
the vulnerability exists due to uncontrolled recursion when parsing untrusted data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags. A remote attacker send specially crafted input to the application and can perform a denial of service attack.
5) Resource exhaustion (CVE-ID: CVE-2025-1948)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling HTTP/2 requests. A remote attacker can force the server to allocate a large amount of resources and perform a denial of service (DoS) attack.
6) Insufficiently protected credentials (CVE-ID: CVE-2024-47081)
CWE-ID: CWE-522 - Insufficiently Protected Credentials
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the library leaks .netrc credentials to third parties for specific maliciously-crafted URLs. A remote attacker can gain access to sensitive information.
7) Improper resource shutdown or release (CVE-ID: CVE-2025-4287)
CWE-ID: CWE-404 - Improper Resource Shutdown or Release
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the function torch.cuda.nccl.reduce() of the file torch/cuda/nccl.py. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
8) Improper input validation (CVE-ID: CVE-2025-21587)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
9) Heap-based buffer overflow (CVE-ID: CVE-2025-2900)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a defect in its native AES/CBC encryption implementation. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Uncontrolled Recursion (CVE-ID: CVE-2024-7254)
CWE-ID: CWE-674 - Uncontrolled Recursion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields. A remote attacker can pass specially crafted input to the application to create unbounded recursions and perform a denial of service (DoS) attack.
11) Stack-based buffer overflow (CVE-ID: CVE-2025-4447)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N/E:U/U:Green
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability occurs when modifying a file on disk that is read when the JVM starts. A local user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
12) Improper access control (CVE-ID: CVE-2025-48734)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions to enum properties. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().
13) Path traversal (CVE-ID: CVE-2025-48050)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to scripts/server.js does not ensure that a pathname is located under the current working directory. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
14) Protection Mechanism Failure (CVE-ID: CVE-2025-50181)
CWE-ID: CWE-693 - Protection Mechanism Failure
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect implementation of the Redirect object when handling redirects and retries. A remote attacker can force the library to follow redirects even if explicitly disabled with PoolManager.
15) Protection Mechanism Failure (CVE-ID: CVE-2025-50182)
CWE-ID: CWE-693 - Protection Mechanism Failure
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect implementation of the Redirect object when handling redirects and retries in a Pyodide runtime. A remote attacker can force the library to follow redirects even if explicitly disabled.
16) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-43859)
CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests in h11/_readers.py. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
17) Out-of-bounds write (CVE-ID: CVE-2025-1471)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. A remote attacker can send a specially crafted file, trigger an out-of-bounds write and execute arbitrary code on the target system.
18) Input validation error (CVE-ID: CVE-2025-24970)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in SslHandler when using native SSLEngine. A remote attacker can send a specially crafted packet to the application and perform a denial of service (DoS) attack.
19) NULL pointer dereference (CVE-ID: CVE-2025-1470)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
20) Integer overflow (CVE-ID: CVE-2024-10917)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to return of an incorrect value which has wrapped around by the JNI function GetStringUTFLength. A remote attacker can pass specially crafted data to the application, trigger integer overflow and bypass security restrictions.
21) Resource exhaustion (CVE-ID: CVE-2025-46392)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when loading a specially crafted configuration file. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
22) Resource management error (CVE-ID: CVE-2024-47535)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unsafe reading of an environment file on Windows. A local user can create an overly large file and perform a denial of service (DoS) attack.
23) Path traversal (CVE-ID: CVE-2025-47273)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences in package_index.py. A remote attacker can trick the victim into installing a specially crafted script and overwrite arbitrary files on the system, leading to code execution.
24) Improper input validation (CVE-ID: CVE-2024-21217)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
25) Improper input validation (CVE-ID: CVE-2024-21208)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
26) Out-of-bounds write (CVE-ID: CVE-2024-9143)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when using the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial. A remote attacker can send specially crafted input to the server, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Note, the vulnerability can be exploited against the application in rare cases only that involve "exotic" curve encoding.
27) Input validation error (CVE-ID: CVE-2025-6545)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to application silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algorithm strings. A remote attacker can perform a spoofing attack.
28) Buffer overflow (CVE-ID: CVE-2025-2148)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. A remote attacker can trick the victim into opening a specially crafted file to manipulate the argument None, leading to memory corruption.
29) Improper Initialization (CVE-ID: CVE-2025-2149)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the function nnq_Sigmoid of the component Quantized Sigmoid Module. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
30) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2025-46653)
CWE-ID: CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to modify data on the system.
The vulnerability exists due to Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure. A remote user can modify data on the system.
31) Information disclosure (CVE-ID: CVE-2023-0833)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the OKHttp component. A remote user can send a specially crafted request to the server containing a header with an illegal value and disclose potentially sensitive information.
32) Improper Handling of Unexpected Data Type (CVE-ID: CVE-2025-7339)
CWE-ID: CWE-241 - Improper Handling of Unexpected Data Type
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can inadvertently modify response headers when an array is passed to `response.writeHead()`
33) Resource exhaustion (CVE-ID: CVE-2025-25193)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application attempts to load a file that does not exist. A local user can create a large file on the system and crash the application.
Note, the vulnerability affects Windows installations only.
34) Input validation error (CVE-ID: CVE-2025-6547)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input as the application silently disregards Uint8Array input. A remote attacker can spoof signature.
35) Information Exposure Through an Error Message (CVE-ID: CVE-2025-49128)
CWE-ID: CWE-209 - Information Exposure Through an Error Message
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability in jackson-core's `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array instead of the logical payload start. This results in possible information disclosure in systems using pooled or reused buffers, like Netty or Vert.x. A local user can gain unauthorized access to sensitive information on the system.
Remediation
Install update from vendor's website.