Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities
Description

Summary

There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Unrestricted File Upload, Information Disclosure, Java Source Map and Verbose Messaging vulnerabilities. This Security Bulletin relates only to the direct usage of third-party components by IBM Analytics Content Hub, and not any nested dependencies within the product.

Vulnerability Details

CVEID: CVE-2024-37524
DESCRIPTION: IBM Analytics Content Hub could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
CWE: CWE-209: Generation of Error Message Containing Sensitive Information
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2024-39752
DESCRIPTION: IBM Analytics Content Hub could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can use this weakness to upload malicious executable files into the system, which can then be sent to a victim to perform further attacks.
CWE: CWE-434: Unrestricted Upload of File with Dangerous Type
CVSS Source: IBM X-Force
CVSS Base score: 6.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2025-36090
DESCRIPTION: IBM Analytics Content Hub could allow a remote attacker to obtain information about the application framework which could be used…
