VDB
CVE-2024-42461
CVE-2024-42461
PUBLISHED
CVSS 8.699999809265137 HIGH
Es bestehen mehrere Schwachstellen in Red Hat OpenShift Service Mesh Containers. Diese Fehler betreffen das NodeJS Elliptic-Paket aufgrund einer nicht korrekten Validierung in ECDSA-Signaturen und aufgrund falscher Längenprüfungen in EDDSA-Signaturen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Signaturen zu manipulieren.
EPSS 2.90% · 86.6th percentile
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
2.90%
86.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM Cognos Analytics mobile(iOS) | |
| SUSE | SUSE openSUSE | |
| IBM | IBM App Connect Enterprise Certified Container <11.5.1 | |
| Red Hat | Red Hat OpenShift multicluster engine for Kubernetes <2.3.8 | |
| Fedora | Fedora Linux | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Atlassian | Atlassian Bitbucket <8.19.25 (LTS) | |
| Dell | Dell Data Protection Advisor <19.12 | |
| IBM | IBM App Connect Enterprise mobile(android) | |
| SOS GmbH | SOS GmbH JobScheduler <2.7.2 | |
| IBM | IBM QRadar SIEM Data Synchronization App <3.2.1 | |
| IBM | IBM QRadar SIEM Log Source Management App <7.0.11 | |
| Splunk | Splunk Splunk Enterprise <9.1.7 | |
| IBM | IBM QRadar SIEM 7.5.0 | |
| IBM | IBM App Connect Enterprise <12.0.12.10 | |
| Red Hat | Red Hat Enterprise Linux Advanced Cluster Management <2.11.3 | |
| Red Hat | Red Hat OpenShift Mesh Containers <2.4.10 | |
| Red Hat | Red Hat Enterprise Linux | |
| Splunk | Splunk Splunk Enterprise <9.2.4 | |
| Red Hat | Red Hat OpenShift Container Platform <4.17.4 |
…and 10 more
Timeline
- Jan 20, 1970 Fix PR Merged
- Aug 2, 2024 CVE Published
- Aug 6, 2024 EPSS Score
- Aug 27, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 8, 2024 EPSS Score
- Oct 16, 2024 Coalition ESS Score
- Oct 29, 2024 EPSS Score
- Dec 11, 2024 EPSS Score
- Jan 1, 2025 EPSS Score
- Jan 5, 2025 Coalition ESS Score
- Feb 12, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1799.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1799 advisory
- https://www.ibm.com/support/pages/node/7163968 advisory
- https://www.ibm.com/support/pages/node/7184429 advisory
- https://www.ibm.com/support/pages/node/7184430 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1912.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1912 advisory
- https://kb.sos-berlin.com/display/PKB/Vulnerability+Remediation+Release+2.7.2 advisory
- https://kb.sos-berlin.com/display/PKB/Vulnerability+Remediation+Release+2.6.7 advisory
- https://kb.sos-berlin.com/display/PKB/Vulnerability+Remediation+Release+2.5.10 advisory
- https://change.sos-berlin.com/browse/JS-2130 advisory
- https://change.sos-berlin.com/browse/JOC-1889 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2035.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2035 advisory
- https://access.redhat.com/errata/RHSA-2024:6209 advisory
- https://rhn.redhat.com/errata/RHSA-2024:6210.html advisory
- https://access.redhat.com/errata/RHSA-2024:6667 advisory
- https://access.redhat.com/errata/RHSA-2024:6738 advisory
- https://access.redhat.com/errata/RHSA-2024:6779 advisory
- https://access.redhat.com/errata/RHSA-2024:7759 advisory
…and 46 more