CVE-2024-28849
PUBLISHED
CVSS 8.7 HIGH
A vulnerability exists in Red Hat OpenShift. The flaw is in the follow-redirects package of the Service Mesh container and is due to a missing clearing process, which makes it possible to send a JWE with compressed data that consumes large amounts of memory and CPU. A remote, authenticated attacker can exploit these vulnerabilities to cause a denial-of-service condition.
EPSS 1.08% · 78.2th percentile
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.08%
78.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Communications | <=23.4.5 |
| Oracle | Oracle PeopleSoft | 8.61 |
| Debian | Debian Linux | |
| Oracle | Oracle Linux | |
| Atlassian | Atlassian Bitbucket | <9.4.13 (LTS) |
| Ubuntu | Ubuntu Linux | |
| Red Hat | Red Hat OpenShift Container Platform | <4.13.42 |
| Dell | Dell PowerProtect Data Domain | <8.4.0.0 |
| Oracle | Oracle Communications | 4.1.0 |
| Red Hat | Red Hat OpenShift | <4.16.24 |
| Red Hat | Red Hat Enterprise Linux | 9 |
| Red Hat | Red Hat OpenShift Container Platform | <4.18.10 |
| HCL | HCL BigFix Server Automation | <9.5.70 |
| Red Hat | Red Hat OpenShift Container Platform | <4.15.14 |
| Dell | Dell ECS | 3.8.1.0-3.8.1.7 |
| Oracle | Oracle Communications | 23.4.0 |
| Oracle | Oracle Communications | <=23.4.4 |
| Oracle | Oracle Communications Applications | <=15.0.0.1 |
| Oracle | Oracle Communications | 14.0.0.1 |
| Red Hat | Red Hat OpenShift Migration Toolkit for Applications | <7.0.3 |
…and 101 more
Exploit Intelligence
Timeline
- Jan 21, 1970 Security Advisory
- Mar 14, 2024 CVE Published
- Mar 15, 2024 EPSS Score
- Apr 10, 2024 EPSS Score
- May 6, 2024 EPSS Score
- Jun 1, 2024 EPSS Score
- Jun 27, 2024 EPSS Score
- Jul 23, 2024 EPSS Score
- Aug 18, 2024 EPSS Score
- Sep 13, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Nov 4, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0858.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0858 advisory
- https://www.ibm.com/support/pages/node/7148190 advisory
- https://www.ibm.com/support/pages/node/7159781 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0947.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0947 advisory
- https://access.redhat.com/errata/RHSA-2024:1946 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268854 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2269576 advisory
- https://access.redhat.com/errata/RHSA-2024:2639 advisory
- https://access.redhat.com/errata/RHSA-2024:2549 advisory
- https://access.redhat.com/errata/RHSA-2024:2049 advisory
- https://access.redhat.com/errata/RHSA-2024:2054 advisory
- https://access.redhat.com/errata/RHSA-2024:2071 advisory
- https://linux.oracle.com/errata/ELSA-2024-2549.html advisory
- https://access.redhat.com/errata/RHSA-2024:2669 advisory
- https://access.redhat.com/errata/RHSA-2024:2672 advisory
- https://access.redhat.com/errata/RHSA-2024:2776 advisory
- https://access.redhat.com/errata/RHSA-2024:2773 advisory
- https://access.redhat.com/errata/RHSA-2024:2784 advisory
…and 202 more