VDB
CVE-2024-38808
CVE-2024-38808
PUBLISHED
CVSS 8.699999809265137 HIGH
Das Spring Framework bietet ein Entwicklungsmodell für Java mit Infrastrukturunterstützung auf Anwendungsebene.
EPSS 0.81% · 74.6th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.81%
74.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Retail Applications 20.0.1 | |
| IBM | IBM InfoSphere Information Server 11.7 | |
| Hitachi | Hitachi Ops Center | |
| IBM | IBM Rational ClearCase | |
| IBM | IBM Business Automation Workflow <24.0.0-IF004 | |
| IBM | IBM Business Automation Workflow | |
| Oracle | Oracle Retail Applications 22.0.0 | |
| NetApp | NetApp ActiveIQ Unified Manager | |
| Oracle | Oracle Retail Applications 19.0.0.10 | |
| Oracle | Oracle Retail Applications 21.0.0 | |
| SolarWinds | SolarWinds Security Event Manager <2025.4 | |
| VMware Tanzu | VMware Tanzu Spring Framework <5.3.39 | |
| IBM | IBM SPSS Collaboration and Deployment Services | |
| IBM | IBM Operational Decision Manager 8.11.x | |
| IBM | IBM QRadar SIEM <7.5.0 UP10 IF01 | |
| Red Hat | Red Hat Enterprise Linux | |
| IBM | IBM Security Guardium 12.0 | |
| Trellix | Trellix ePolicy Orchestrator <5.10.0 Service pack 1 Update 5 | |
| VMware Tanzu | VMware Tanzu Spring Framework <5.3.38 | |
| IBM | IBM Operational Decision Manager 8.12.x |
…and 3 more
Exploit Intelligence
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- test_ghsa_completeness.py (github-poc)
…and 8 more exploits
Timeline
- Aug 14, 2024 CVE Published
- Aug 21, 2024 EPSS Score
- Sep 11, 2024 EPSS Score
- Oct 1, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 30, 2024 Coalition ESS Score
- Nov 11, 2024 EPSS Score
- Dec 3, 2024 EPSS Score
- Dec 23, 2024 EPSS Score
- Jan 13, 2025 EPSS Score
- Feb 2, 2025 EPSS Score
- Feb 21, 2025 Coalition ESS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3221.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3221 advisory
- https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixRAPP advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1853.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1853 advisory
- https://spring.io/blog/2024/08/14/spring-framework-releases-fixes-for-cve-2024-38808-and-cve-2024-38809 advisory
- https://spring.io/security/cve-2024-38808 advisory
- https://spring.io/security/cve-2024-38809 advisory
- https://rhn.redhat.com/errata/RHSA-2024:6508.html advisory
- https://access.redhat.com/errata/RHSA-2024:6508 advisory
- https://security.netapp.com/advisory/ntap-20240920-0002/ advisory
- https://security.netapp.com/advisory/ntap-20240920-0003/ advisory
- https://www.ibm.com/support/pages/node/7172193 advisory
- https://www.ibm.com/support/pages/node/7169825 advisory
- https://www.ibm.com/support/pages/node/7174634 advisory
- https://access.redhat.com/errata/RHSA-2024:8887 advisory
- https://access.redhat.com/errata/RHSA-2024:8886 advisory
- https://access.redhat.com/errata/RHSA-2024:8884 advisory
- https://access.redhat.com/errata/RHSA-2024:8885 advisory
- https://www.ibm.com/support/pages/node/7176911 advisory
…and 9 more