
26 matches found

RedhatCVE
added 2026/01/09 11:30 a.m. | 6 views

CVE-2021-27907

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...

CVSS 5.4 | AI score 6.8 | EPSS 0.02514
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/08/06 11:37 a.m. | 4 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-27907)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 4.1 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/23 8:5 a.m. | 9 views

Security Bulletin: Due to use of WebSphere Application Server traditional IBM Tivoli System Automation Application Manager is vulnerable to a server-side request forgery (SSRF) vulnerability (CVE-2025-27907)

Summary A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2025-27907 Vulnerability Details CVEID:CVE-2025-27907 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request...

CVSS 4.1 | AI score 6 | EPSS 0.00123
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/05/22 10:39 p.m. | 6 views

CVE-2022-27907

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF...

CVSS 4.3 | AI score 7 | EPSS 0.00178
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/05/02 4:19 p.m. | 16 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability (CVE-2025-27907)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

CVSS 4.1 | AI score 4.2 | EPSS 0.00123
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/02 4:10 p.m. | 14 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability (CVE-2025-27907)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Product...

CVSS 4.1 | AI score 4.3 | EPSS 0.00123
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/30 12:4 p.m. | 12 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)

Summary The security issue described in CVE-2025-27907 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 4.1 | AI score 6.5 | EPSS 0.00123
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/28 9:20 a.m. | 16 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2025-27907)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

CVSS 4.1 | AI score 6.3 | EPSS 0.00123
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/04/24 12:0 a.m. | 6 views

IBM WebSphere Application Server 8.5.x < 8.5.5.28 / 9.x < 9.0.5.24 (7231514)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7231514 advisory. - IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...

CVSS 4.1 | AI score 5.6 | EPSS 0.00123
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/04/23 12:40 p.m. | 11 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-27907)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a server-side request forgery vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

CVSS 4.1 | AI score 6.4 | EPSS 0.00123
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/22 8:28 p.m. | 11 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2025-27907

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 4.1 | AI score 6.5 | EPSS 0.00123
Exploits: 0 | Affected Software: 1

CVE
added 2025/04/22 4:20 p.m. | 93 views

CVE-2025-27907

Summary of evidence for CVE-2025-27907: IBM WebSphere Application Server (WAS) versions 8.5 and 9.0 are vulnerable to server-side request forgery (SSRF), potentially allowing an authenticated attacker to send unauthorized requests from the WAS host, enabling network enumeration or related attacks...

CVSS 4.1 | AI score 6.8 | EPSS 0.00123
Exploits: 0 | References: 1 | Affected Software: 1

Circl
added 2025/04/22 2:10 p.m. | 5 views

CVE-2025-27907

creationtimestamp | type | source
---|---|---
2025-04-22 14:10:05+00:00 | seen | https://bsky.app/profile/knaepp.bsky.social/post/3lnfu7crrwr27
2025-04-22 14:35:04+00:00 | seen | https://bsky.app/profile/knaepp.bsky.social/post/3lnfvlynsnk2u
2025-04-22 15:05:24+00:00 | seen |...

CVSS 4.1 | AI score 4.7 | EPSS 0.00123
Exploits: 0 | References: 5

Circl
added 2024/03/12 12:26 p.m. | 1 views

CVE-2024-27907

creationtimestamp | type | source
---|---|---
2024-03-12 12:26:29+00:00 | seen | https://t.me/ctinow/205599
2024-03-12 12:32:28+00:00 | seen | https://t.me/ctinow/205612...

CVSS 7.8 | AI score 7.5 | EPSS 0.00142
Exploits: 0 | References: 2

CVE
added 2024/03/12 10:22 a.m. | 75 views

CVE-2024-27907

The CVE affects Simcenter Femap prior to V2306.0000, where parsing a Catia MODEL file can trigger an out-of-bounds write past an allocated buffer, enabling code execution in the affected process. Root cause is a memory/buffer handling issue during Catia MODEL file parsing. Public references corro...

CVSS 7.8 | AI score 7.7 | EPSS 0.00142
Exploits: 0 | References: 1 | Affected Software: 1

Circl
added 2023/10/27 5:0 p.m. | 0 views

CVE-2023-27907

creationtimestamp | type | source
---|---|---
2023-10-27 17:00:28+00:00 | seen | https://t.me/cibsecurity/62305...

CVSS 7.8 | AI score 7.5 | EPSS 0.00128
Exploits: 0 | References: 1

Tenable Nessus
added 2023/07/18 12:0 a.m. | 24 views

Autodesk Maya USD Plugin < 0.23.0 Multiple Vulnerabilities (ADSK-SA-2023-0003)

The version of Autodesk Maya USD Plugin installed on the remote host is prior to 0.23.0. It is, therefore, affected by multiple vulnerabilities: - A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution...

CVSS 7.8 | AI score 7.6 | EPSS 0.00168
Exploits: 0 | References: 4

Cvelist
added 2023/04/17 12:0 a.m. | 14 views

CVE-2023-27907

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution...

AI score 8 | EPSS 0.00128
Exploits: 0 | References: 1

Vulnrichment
added 2023/04/17 12:0 a.m. | 6 views

CVE-2023-27907

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution...

AI score 7.8 | EPSS 0.00128
Exploits: 0 | References: 1

CVE
added 2023/04/17 12:0 a.m. | 55 views

CVE-2023-27907

The CVE-2023-27907 entry concerns Autodesk Maya USD Plugin prior to 0.23.0. The vulnerability is triggered by opening a malicious USD file and involves an out-of-bounds write that may lead to code execution. The affected component is the Maya USD Plugin (Autodesk Maya); other related advisories r...

CVSS 7.8 | AI score 7.7 | EPSS 0.00128
Exploits: 0 | References: 1 | Affected Software: 1