VDB
CVE-2024-42460
CVE-2024-42460
PUBLISHED
CVSS 8.699999809265137 HIGH
Es bestehen mehrere Schwachstellen in Red Hat OpenShift Service Mesh Containers. Diese Fehler betreffen das NodeJS Elliptic-Paket aufgrund einer nicht korrekten Validierung in ECDSA-Signaturen und aufgrund falscher Längenprüfungen in EDDSA-Signaturen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Signaturen zu manipulieren.
EPSS 0.24% · 47.6th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.24%
47.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM App Connect Enterprise Certified Container <11.5.1 | |
| SOS GmbH | SOS GmbH JobScheduler <2.6.7 | |
| IBM | IBM App Connect Enterprise Certified Container <5.0.18 | |
| IBM | IBM QRadar SIEM Data Synchronization App <3.2.1 | |
| SOS GmbH | SOS GmbH JobScheduler <2.7.2 | |
| Dell | Dell Data Protection Advisor <19.12 | |
| Red Hat | Red Hat OpenShift multicluster engine for Kubernetes <2.3.8 | |
| IBM | IBM App Connect Enterprise mobile(android) | |
| Fedora | Fedora Linux | |
| Red Hat | Red Hat OpenShift CodeReady Workspaces | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux | |
| SOS GmbH | SOS GmbH JobScheduler <2.5.10 | |
| IBM | IBM QRadar SIEM 7.5.0 | |
| Atlassian | Atlassian Bitbucket <8.19.25 (LTS) | |
| Red Hat | Red Hat OpenShift Mesh Containers <2.4.10 | |
| Splunk | Splunk Splunk Enterprise <9.3.2 | |
| SUSE | SUSE openSUSE | |
| IBM | IBM QRadar SIEM Log Source Management App <7.0.11 | |
| IBM | IBM App Connect Enterprise <12.0.12.10 |
…and 10 more
Exploit Intelligence
- https://github.com/indutny/elliptic/pull/317 (nist-nvd)
Timeline
- Jan 20, 1970 Fix PR Merged
- Aug 2, 2024 CVE Published
- Aug 6, 2024 EPSS Score
- Aug 27, 2024 EPSS Score
- Sep 17, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 8, 2024 EPSS Score
- Oct 29, 2024 EPSS Score
- Nov 19, 2024 EPSS Score
- Dec 11, 2024 EPSS Score
- Jan 1, 2025 EPSS Score
- Jan 23, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1799.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1799 advisory
- https://www.ibm.com/support/pages/node/7163968 advisory
- https://www.ibm.com/support/pages/node/7184429 advisory
- https://www.ibm.com/support/pages/node/7184430 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1912.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1912 advisory
- https://kb.sos-berlin.com/display/PKB/Vulnerability+Remediation+Release+2.7.2 advisory
- https://kb.sos-berlin.com/display/PKB/Vulnerability+Remediation+Release+2.6.7 advisory
- https://kb.sos-berlin.com/display/PKB/Vulnerability+Remediation+Release+2.5.10 advisory
- https://change.sos-berlin.com/browse/JS-2130 advisory
- https://change.sos-berlin.com/browse/JOC-1889 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2035.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2035 advisory
- https://access.redhat.com/errata/RHSA-2024:6209 advisory
- https://rhn.redhat.com/errata/RHSA-2024:6210.html advisory
- https://access.redhat.com/errata/RHSA-2024:6667 advisory
- https://access.redhat.com/errata/RHSA-2024:6738 advisory
- https://access.redhat.com/errata/RHSA-2024:6779 advisory
- https://access.redhat.com/errata/RHSA-2024:7759 advisory
…and 46 more