BLU-IC4
by Azure Access
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12600 | Cri | 0.64 | 9.8 | 0.00 | Nov 1, 2025 | Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||
| CVE-2025-12554 | Cri | 0.64 | 9.8 | 0.00 | Oct 31, 2025 | Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||
| CVE-2025-12285 | Cri | 0.64 | 9.8 | 0.00 | Oct 26, 2025 | Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||
| CVE-2025-12219 | Cri | 0.64 | 9.8 | 0.00 | Oct 25, 2025 | Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||
| CVE-2025-12176 | Cri | 0.64 | 9.8 | 0.00 | Oct 24, 2025 | Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||
| CVE-2025-12218 | Cri | 0.59 | 9.1 | 0.00 | Oct 25, 2025 | Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||
| CVE-2025-12423 | Hig | 0.49 | 7.5 | 0.00 | Oct 28, 2025 | Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | ||
| CVE-2025-12363 | Hig | 0.49 | 7.5 | 0.00 | Oct 27, 2025 | Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||
| CVE-2025-11925 | Med | 0.40 | 6.1 | 0.00 | Oct 17, 2025 | Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||
| CVE-2025-12216 | Med | 0.36 | 5.5 | 0.00 | Oct 25, 2025 | Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
- risk 0.64cvss 9.8epss 0.00
Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- risk 0.64cvss 9.8epss 0.00
Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- risk 0.64cvss 9.8epss 0.00
Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- risk 0.64cvss 9.8epss 0.00
Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- risk 0.64cvss 9.8epss 0.00
Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- risk 0.59cvss 9.1epss 0.00
Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- risk 0.49cvss 7.5epss 0.00
Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- risk 0.49cvss 7.5epss 0.00
Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- risk 0.40cvss 6.1epss 0.00
Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- risk 0.36cvss 5.5epss 0.00
Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.