CVE-2024-28849 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-28849 PUBLISHED CVSS 9.300000190734863 CRITICAL

Es besteht eine Schwachstelle in HCL BigFix Server Automation. Der Fehler besteht aufgrund der unsachgemäßen Löschung des Proxy-Authentifizierungs-Headers bei domänenübergreifenden Umleitungen im Paket follow-redirects, was zur Preisgabe von Anmeldeinformationen führt. Ein anonymer, entfernter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben.

EPSS 0.68% · 71.4th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.68%

71.4th percentile

Affected Products

Vendor	Product	Versions
Oracle	Oracle Communications <=23.4.5
Oracle	Oracle PeopleSoft 8.61
Debian	Debian Linux
Oracle	Oracle Linux
Atlassian	Atlassian Bitbucket <9.4.13 (LTS)
Ubuntu	Ubuntu Linux
Red Hat	Red Hat OpenShift Container Platform <4.13.42
Dell	Dell PowerProtect Data Domain <8.4.0.0
Oracle	Oracle Communications 4.1.0
Red Hat	Red Hat OpenShift <4.16.24
Red Hat	Red Hat Enterprise Linux 9
Red Hat	Red Hat OpenShift Container Platform <4.18.10
HCL	HCL BigFix Server Automation <9.5.70
Red Hat	Red Hat OpenShift Container Platform <4.15.14
Oracle	Oracle Communications 23.4.0
Oracle	Oracle Communications <=23.4.4
Oracle	Oracle Communications Applications <=15.0.0.1
Oracle	Oracle Communications 14.0.0.1
Red Hat	Red Hat OpenShift Migration Toolkit for Applications <7.0.3
Gentoo	Gentoo Linux

…and 100 more

Timeline

Jan 21, 1970 Security Advisory
Mar 14, 2024 CVE Published
Mar 15, 2024 EPSS Score
Apr 9, 2024 EPSS Score
May 5, 2024 EPSS Score
May 30, 2024 EPSS Score
Jun 25, 2024 EPSS Score
Jul 20, 2024 EPSS Score
Aug 15, 2024 EPSS Score
Sep 9, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 30, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0858.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0858 advisory
https://www.ibm.com/support/pages/node/7148190 advisory
https://www.ibm.com/support/pages/node/7159781 advisory
https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0947.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0947 advisory
https://access.redhat.com/errata/RHSA-2024:1946 advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2268854 advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2269576 advisory
https://access.redhat.com/errata/RHSA-2024:2639 advisory
https://access.redhat.com/errata/RHSA-2024:2549 advisory
https://access.redhat.com/errata/RHSA-2024:2049 advisory
https://access.redhat.com/errata/RHSA-2024:2054 advisory
https://access.redhat.com/errata/RHSA-2024:2071 advisory
https://linux.oracle.com/errata/ELSA-2024-2549.html advisory
https://access.redhat.com/errata/RHSA-2024:2669 advisory
https://access.redhat.com/errata/RHSA-2024:2672 advisory
https://access.redhat.com/errata/RHSA-2024:2776 advisory
https://access.redhat.com/errata/RHSA-2024:2773 advisory
https://access.redhat.com/errata/RHSA-2024:2784 advisory

…and 201 more

Open in Interactive Console →