CVE-2023-4586 — Vulnetix

CVE-2023-4586 PUBLISHED

Es existiert eine Schwachstelle in Red Hat JBoss Data Grid. Der Hot Rod-Client aktiviert bei der Verwendung von TLS keine Hostnamen-Validierung. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Man in the Middle Angriff durchzuführen.

EPSS 0.24% · 47.5th percentile

Risk Scores

EPSS Score

0.24%

47.5th percentile

Affected Products

Vendor	Product	Versions
NetApp	NetApp ActiveIQ Unified Manager

Exploit Intelligence

owaspSuppressions.xml (github-poc)
owaspSuppressions.xml (github-poc)
owaspSuppressions.xml (github-poc)
owaspSuppressions.xml (github-poc)
owaspSuppressions.xml (github-poc)
owaspSuppressions.xml (github-poc)
owaspSuppressions.xml (github-poc)
owaspSuppressions.xml (github-poc)
owaspSuppressions.xml (github-poc)
owaspSuppressions.xml (github-poc)

…and 26 more exploits

Timeline

Oct 5, 2023 EPSS Score
Nov 1, 2023 CVE Rejected
Nov 1, 2023 CVE Updated
Nov 6, 2023 EPSS Score
Dec 7, 2023 EPSS Score
Jan 8, 2024 EPSS Score
Feb 8, 2024 EPSS Score
Mar 11, 2024 EPSS Score
Apr 12, 2024 EPSS Score
May 13, 2024 EPSS Score
Jun 14, 2024 EPSS Score
Jul 16, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3071.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3071 advisory
https://access.redhat.com/errata/RHSA-2023:7676 advisory
https://security.netapp.com/advisory/ntap-20240125-0004/ advisory

Open in Interactive Console →