42 matches found
org.eclipse.digitaltwin.basyx:basyx.submodelservice.component (=2.0.0-milestone-01) potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelservice-http (=2.0.0-milestone-01)
org.eclipse.digitaltwin.basyx:basyx.submodelservice-http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelservice-http and may be impacted: -...
org.eclipse.digitaltwin.basyx:basyx.submodelrepository.component (=2.0.0-milestone-01) potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelrepository-http (=2.0.0-milestone-01)
org.eclipse.digitaltwin.basyx:basyx.submodelrepository-http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelrepository-http and may be impacted: -...
org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +8 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.http (=2.0.0-milestone-01)
org.eclipse.digitaltwin.basyx:basyx.http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.http and may be impacted: -...
org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +7 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelservice-core (=2.0.0-milestone-01)
org.eclipse.digitaltwin.basyx:basyx.submodelservice-core MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelservice-core and may be impacted: -...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Operation Delegation feature. An attacker can cause the server to send unauthorized HTTP POST requests to arbitrary internal or external destinations by supplying a crafted destination URI,...
CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
UBUNTU-CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
UBUNTU-CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
CVE-2026-7412
CVE-2026-7412 affects Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. The Operation Delegation feature fails to validate the destination URI of delegated requests, enabling an unauthenticated remote attacker to coerce the BaSyx server into performing blind HTTP POSTs to arbitr...
CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7411
CVE-2026-7411 affects Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. The issue is an inadequate path normalization in the Submodel HTTP API, enabling an unauthenticated remote attacker to perform a path traversal via a crafted fileName parameter during a file upload. This can...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
PT-2026-37080
Name of the Vulnerable Software and Affected Versions Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 Description The Operation Delegation feature fails to validate the destination URI of delegated requests. This design flaw allows an unauthenticated remote attacker to force th...