37 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-39338
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. CVE-2024-39338 Note that Nessus...
Fedora: Security Advisory (FEDORA-2024-6971446073)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-19e63ed69e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-27152
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...
Security Bulletin: Server Side Request Forgery vulnerability affect IBM Business Automation Workflow - CVE-2024-39338
Summary IBM Business Automation Workflow is vulnerable to a Server Side Request Forgery SSRF attack. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative...
Security Bulletin: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818.
Summary IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and server-side request forgery [CVE-2024-45590] [CVE-2024-39338]
Summary Node.js modules expressjs and axios are used by IBM App Connect Enterprise Certified Container for making and responding to HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and server-side request forgery. This bulletin...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable due to Axios vulnerability (CVE-2024-39338)
Summary IBM Sterling External Authentication Server SEAS uses Axios, which is vulnerable to Server-side Request Forgery SSRF. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to server-side request (CVE-2024-39338)
Summary There is a vulnerability in Axios used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...
Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in server-side request forgery (CVE-2024-39338).
Summary A vulnerability in axios affects IBM Robotic Process Automation and may result in server-side request forgery. Axios is used by IBM Robotic Process Automation as part of the Carbon UI framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: Security Vulnerabilities in base image packages affect IBM Voice Gateway
Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processe...
Security Bulletin: IBM QRadar Pre-Validation App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...
Fedora 41 : nextcloud (2024-19e63ed69e)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-19e63ed69e advisory. 29.0.6 release RHBZ2305125 RHBZ2309499 fixes CVE-2024-39338 Tenable has extracted the preceding description block directly from the Fedora security advisory...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.4 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
Security Bulletin: Due to use of Axios, IBM Event Processing is vulnerable to server-side request forgery
Summary Axios is used by IBM Event Processing frontend. CVE-2024-39338 Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative URLs. By sending a specially...
SUSE SLED15: pgadmin4 / pgadmin4-cloud / pgadmin4-desktop / pgadmin4-doc / etc (SUSE-SU-2024:3771-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3771-1 advisory. - CVE-2024-38355: Fixed socket.io: unhandled 'error' event bsc1226967 - CVE-2024-38998: Fixed...