CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-2900 – IBM Semeru Runtime denial of service
https://notcve.org/view.php?id=CVE-2025-2900
14 May 2025 — IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation. • https://www.ibm.com/support/pages/node/7233415 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-22361 – IBM Semeru Runtime information disclosure
https://notcve.org/view.php?id=CVE-2024-22361
10 Feb 2024 — IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. IBM Semeru Runtime 8.0.302.0 a 8.0.392.0, 11.0.12.0 a 11.0.21.0, 17.0.1.0 - 17.0.9.0 y 21.0.1.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force:... • https://exchange.xforce.ibmcloud.com/vulnerabilities/281222 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •