Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Details
CVSS v3
10.0
CVSS v4
5.5
NVD published
2025-12-03 20:16:26
EPSS
<0.1% probability · 19.6th percentile — 2026-03-30
Affected versions
Not available in our cache.
Summary
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.