wid-sec-w-2026-0559 · Published 2026-03-01 · View on BSI CERT-Bund ↗

IBM Rational Build Forge: Multiple Vulnerabilities

CVSS 9.8 CRITICAL

Risk Summary

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

CVEs (15)

CVE-2018-25031 CVE-2019-17495 CVE-2021-22060 CVE-2021-22096 CVE-2022-22968 CVE-2022-22970 CVE-2024-38820 CVE-2024-38828 CVE-2025-41248 CVE-2025-41249 CVE-2025-48734 CVE-2025-53057 CVE-2025-53066 CVE-2025-58754 CVE-2025-7783

Affected Vendors

IBM

Affected Products (2)

IBM · Rational Build Forge <8.0.0.29

IBM · Rational Build Forge 8.0.0.29

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more