Lucene search
+L

30 matches found

Atlassian
Atlassian
added 2025/12/09 11:31 p.m.15 views

SSRF (Server Side Request Forgery) axios Dependency in Jira Software Data Center and Server

This High severity SSRF Server Side Request Forgery vulnerability known as CVE-2025-27152 was introduced in 10.3.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P allows a...

8.7CVSS6.3AI score0.00759EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:23 a.m.4 views

Security Bulletin: Axios before 1.8.2 allows SSRF and credential leakage when using absolute URLs despite baseURL setting

Summary axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This...

8.7CVSS6.4AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/04 7:13 a.m.13 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to " CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871"

Summary IBM Maximo Application Suite uses " axios, http-proxy-middleware and net/http package " which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871". This bulletin contains information regarding the vulnerability and how to address it. Vulnerability Details...

9.1CVSS6.7AI score0.00778EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:57 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to SSRF in Grafana (CVE-2025-27152)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2025-27152 Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issu...

8.7CVSS6.7AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/21 5:13 a.m.8 views

Security Bulletin: Vulnerabilities in axios affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in axios has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a...

8.7CVSS6.7AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 9:45 a.m.4 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-27152)

Summary axios is vulnerable to SSRF and credential leakage attacks. These vulnerabilities affect IBM Spectrum Control. CVE-2025-27152. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute...

8.7CVSS6.3AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 1:43 p.m.4 views

Security Bulletin: IBM QRadar Hub for IBM QRadar SIEM is vulnerable to using a component with known vulnerabilities (CVE-2025-27152)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Hub for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP clien...

8.7CVSS7AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 1:41 p.m.7 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2025-27152, CVE-2025-27789)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a...

8.7CVSS6.8AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 8:0 a.m.16 views

Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152

Summary IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152. This bulletin contains information regarding the vulnerability and its fixture...

8.7CVSS8.8AI score0.02617EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 8:0 a.m.4 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"

Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

8.7CVSS6.2AI score0.00759EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 7:58 a.m.4 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"

Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

8.7CVSS6.2AI score0.00759EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 7:57 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152

Summary IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152. This bulletin contains information regarding the vulnerability and its fixture...

8.7CVSS8.8AI score0.02617EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/19 1:27 p.m.6 views

Security Bulletin: IBM Edge Data Collector is vulnerable to axios-1.7.7.tgz, axios-1.7.9.tgz CVE-2025-27152

Summary IBM Edge Data Collector is vulnerable to axios-1.7.7.tgz, axios-1.7.9.tgz CVE-2025-27152. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. Th...

8.7CVSS6.7AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/17 8:24 a.m.12 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Server-Side Request Forgery (SSRF) due to axios package( CVE-2025-27152 )

Summary Potential vulnerabilities in axios package CVE-2025-27152 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rathe...

8.7CVSS8.8AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 7:39 a.m.6 views

Security Bulletin: IBM Event Processing is vulnerable to Server-Side Request Forgery (SSRF) and credential leakage due to the axios package (CVE-2025-27152).

Summary IBM Event Processing is vulnerable to Server-Side Request Forgery SSRF and credential leakage due to the usage of axios package. The axios package is used in event processing to send or retrieve data via HTTP calls, enabling integration with external services or REST APIs during event...

8.7CVSS9.3AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 7:38 a.m.7 views

Security Bulletin: IBM Event Streams is vulnerable to Server Side Request Forgery (SSRF) due to the axios component (CVE-2025-27152).

Summary IBM Event Streams is vulnerable to Server Side Request Forgery SSRF due to the axios component. In event streams, axios is used to make HTTP requests to the Event Streams REST Admin API, such as creating or listing Kafka topics. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axio...

8.7CVSS9.3AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/04 10:5 a.m.8 views

Security Bulletin: There is a vulnerablity in the axios library affecting IBM watsonx Code Assistant IDE Extensions

Summary There is a vulnerablity in the object-path library affecting IBM watsonx Code Assistant IDE Extensions. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and...

8.7CVSS6.6AI score0.00759EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 1:17 p.m.22 views

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024.

Summary IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024. . This bulletin contains information regarding the vulnerability and its fixture...

8.7CVSS6.7AI score0.01414EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/08 2:44 p.m.12 views

Security Bulletin: The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios, affects watsonx.data

Summary axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This...

8.7CVSS6.7AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/02 7:23 a.m.54 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002. Vulnerability Details CVEID:CVE-2025-22866 DESCRIPTION: Due to the usage of a variable time...

9.8CVSS9.5AI score0.03153EPSS
Exploits5Affected Software2
Rows per page
Query Builder