Eclipse Basyx
cpe:2.3:a:eclipse_foundation:eclipse_basyx:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Eclipse Foundation (2c315c48-0111-5572-bbde-cc70cfafb2e9) |
|---|---|
| Product | Eclipse Basyx (f9159f07-9466-5fe5-bf6c-e135ab84e956) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-7412 | vulnerable | 2026-06-03 15:27:56.749991 | Details available: HIGH (8.6). In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS). Published: 2026-05-05T14:15:05.877Z. Updated: 2026-05-06T15:25:44.521Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-7411 | vulnerable | 2026-06-03 15:27:56.749666 | Details available: CRITICAL (10). In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise. Published: 2026-05-05T14:07:53.476Z. Updated: 2026-05-06T15:25:50.007Z | Imported from gcve-enriched-dumps CVE data |