CVE-2024-45719 — Vulnetix

CVE-2024-45719 PUBLISHED CVSS 2 LOW

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

EPSS 0.09% · 25.6th percentile

Risk Scores

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

EPSS Score

0.09%

25.6th percentile

Affected Products

Vendor	Product	Versions
apache	answer	0, 0
Apache Software Foundation	Apache Answer	0, 0
github.com	apache/incubator-answer	0, 0

Exploit Intelligence

CIRCL seen: CVE-2024-45719 (circl-sighting)
http://www.openwall.com/lists/oss-security/2024/11/22/1 (circl)
https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491 (circl)

Timeline

Nov 22, 2024 CVE Published
Nov 22, 2024 PoC Published
Nov 23, 2024 EPSS Score
Nov 27, 2024 CVE Updated
Dec 5, 2024 Coalition ESS Score
Dec 11, 2024 EPSS Score
Dec 29, 2024 EPSS Score
Jan 15, 2025 EPSS Score
Feb 1, 2025 EPSS Score
Feb 19, 2025 EPSS Score
Mar 8, 2025 EPSS Score
Mar 25, 2025 EPSS Score

References

https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491 vendor-advisory
http://www.openwall.com/lists/oss-security/2024/11/22/1 url
https://nvd.nist.gov/vuln/detail/CVE-2024-45719 advisory
https://github.com/apache/incubator-answer package

Open in Interactive Console →