Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/09 11:29 a.m.6 views

Security Bulletin: IBM Rhapsody Systems Engineering is using next-14.2.12.tgz which is vulnerable to CVE-2024-51479

Summary A security vulnerability was identified in the Next.js package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2024-51479 DESCRIPTION: Next....

7.5CVSS7.5AI score0.03961EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/01 10:40 a.m.18 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-51479

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-51479. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-51479 DESCRIPTION: Next.js is a React framework for building full-stack web...

7.5CVSS6.8AI score0.03961EPSS
Exploits0Affected Software1
Circl
Circl
added 2024/12/17 6:25 p.m.13 views

CVE-2024-51479

creationtimestamp| type| source ---|---|--- 2024-12-17 18:25:35+00:00| seen| https://infosec.exchange/users/cve/statuses/113669566323116247 2024-12-17 20:57:59+00:00| seen| https://t.me/cvedetector/13124 2024-12-19 14:46:47+00:00| seen| https://bsky.app/profile/bolhasec.com/post/3ldo4gqssju2e...

7.5CVSS6.7AI score0.03961EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/12/17 6:13 p.m.110 views

CVE-2024-51479 Authorization bypass in Next.js

Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For...

7.5CVSS6.9AI score0.03961EPSS
Exploits0References2
CVE
CVE
added 2024/12/17 6:13 p.m.425 views

CVE-2024-51479

Next.js CVE-2024-51479: A pathname-based authorization check in middleware can bypass access control for root-level pages (e.g., /foo) while not affecting deeper paths (e.g., /foo/bar). Patch available in Next.js 14.2.15 and later; if hosted on Vercel, mitigation is automatic. IBM-related notices...

7.5CVSS7.4AI score0.03961EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder