CVE-2024-5206 — Vulnetix

CVE-2024-5206 PUBLISHED

Es besteht eine Schwachstelle in IBM Business Automation Workflow. Dieser Fehler besteht in der Komponente scikit-learn aufgrund einer unerwarteten Speicherung aller in den Trainingsdaten vorhandenen Token innerhalb des Attributs stop_words_. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter authentifizierter Angreifer diese Schwachstelle ausnutzen, um Passwörter oder Schlüsselinformationen zu erhalten und so vertrauliche Informationen offenzulegen.

EPSS 0.04% · 11.5th percentile

Risk Scores

EPSS Score

0.04%

11.5th percentile

Affected Products

Vendor	Product	Versions
Oracle	Oracle Financial Services Applications 22.2.0.0.0
Dell	Dell PowerProtect Data Domain <8.3.0.0
Oracle	Oracle Financial Services Applications 6.1.0.0.0
Oracle	Oracle Financial Services Applications 8.0.7.8
Oracle	Oracle Financial Services Applications 8.0.8
Dell	Dell PowerProtect Data Domain <7.10.1.50
Dell	Dell PowerProtect Data Domain <8.4.0.0
Oracle	Oracle Financial Services Applications 14.7.0.7.0
Dell	Dell PowerProtect Data Domain <7.13.1.40
Oracle	Oracle Financial Services Applications 8.1.2.8
Oracle	Oracle Financial Services Applications 5.1.0.0.0
Ubuntu	Ubuntu Linux
Oracle	Oracle Financial Services Applications 21.1.0.0.0
Oracle	Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0
Dell	Dell PowerProtect Data Domain
Oracle	Oracle Financial Services Applications 8.0.8.6
Oracle	Oracle Financial Services Applications 8.1.2.5
Dell	Dell PowerProtect Data Domain OS
Dell	Dell PowerProtect Data Domain <7.13.1.20
Oracle	Oracle Financial Services Applications 8.1.2.7.0

…and 10 more

Timeline

CVE Published
Jun 7, 2024 EPSS Score
Jun 30, 2024 EPSS Score
Jul 23, 2024 EPSS Score
Aug 15, 2024 EPSS Score
Sep 8, 2024 EPSS Score
Oct 1, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 24, 2024 EPSS Score
Oct 24, 2024 Coalition ESS Score
Nov 16, 2024 EPSS Score
Dec 10, 2024 EPSS Score

References

Open in Interactive Console →