VDB
CVE-2024-22234
CVE-2024-22234
PUBLISHED
Es existiert eine Schwachstelle in VMware Tanzu Spring Security. Die Ursache ist eine fehlerhafte Zugriffskontrolle, wenn die Methode AuthenticationTrustResolver.isFullyAuthenticated(Authentication) direkt verwendet wird. Ein Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.
EPSS 1.66% · 82.4th percentile
Risk Scores
EPSS Score
1.66%
82.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Communications 15.0.0.0.0 | |
| Oracle | Oracle Communications 23.4.0 | |
| Oracle | Oracle Communications 23.4.1 | |
| Oracle | Oracle Communications 4.2.0 | |
| Oracle | Oracle Communications 23.4.2 | |
| Red Hat | Red Hat Enterprise Linux | |
| Oracle | Oracle Communications 12.11.3 | |
| Oracle | Oracle Communications <=9.0.3 | |
| Oracle | Oracle Communications 12.6.1.0.0 | |
| Oracle | Oracle Communications 23.1.0 | |
| Oracle | Oracle Communications <=23.4.4 | |
| Oracle | Oracle Communications 24.1.0 | |
| Oracle | Oracle Communications <=8.6.0.6 | |
| Oracle | Oracle Communications 9.2.0 | |
| Oracle | Oracle Communications 10.5 | |
| Hitachi | Hitachi Ops Center | |
| Oracle | Oracle Communications 12.11.0 | |
| Oracle | Oracle Communications 46.6.5 | |
| Oracle | Oracle Communications 9.3.0 | |
| Oracle | Oracle Communications 4.1.0 |
…and 7 more
Timeline
- Feb 18, 2024 CVE Published
- Feb 20, 2024 EPSS Score
- Mar 18, 2024 EPSS Score
- Apr 14, 2024 EPSS Score
- May 11, 2024 EPSS Score
- Jun 6, 2024 EPSS Score
- Jul 30, 2024 EPSS Score
- Aug 26, 2024 EPSS Score
- Sep 22, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 19, 2024 EPSS Score
- Nov 15, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0417.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0417 advisory
- https://spring.io/security/cve-2024-22234 advisory
- https://access.redhat.com/errata/RHSA-2024:3550 advisory
- https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-133/index.html advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1642.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1642 advisory
- https://www.oracle.com/security-alerts/cpujul2024.html#AppendixCGBU advisory
- https://access.redhat.com/errata/RHSA-2024:6016 advisory
- https://access.redhat.com/errata/RHSA-2024:9975 advisory
- https://access.redhat.com/errata/RHSA-2024:9976 advisory