VDB
CVE-2024-52798
CVE-2024-52798
PUBLISHED
CVSS 8.699999809265137 HIGH
Es existiert eine Schwachstelle in HCL BigFix Server Automation. Sie befindet sich in der Bibliothek path-to-regex. Aufgrund einer Altlast aus einer früheren Schwachstelle werden dadurch ineffiziente irreguläre Ausdrücke erzeugt. Bei der Verarbeitung dieser ineffizienten Regexe kann es zu Backtracking-Problemen kommen. Ein entfernter, anonymer Angreifer kann so speziell formatierte Anfragen senden und einen Denial of Service auslösen.
EPSS 0.29% · 53.0th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.29%
53.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HCL | HCL BigFix Server Automation <9.5.71 | |
| IBM | IBM App Connect Enterprise <12.0.12.10 | |
| HCL | HCL BigFix Compliance | |
| IBM | IBM QRadar SIEM 7.5.0 | |
| IBM | IBM App Connect Enterprise | |
| IBM | IBM QRadar SIEM Data Synchronization App <3.2.1 | |
| IBM | IBM QRadar SIEM Log Source Management App <7.0.11 | |
| IBM | IBM Rational Business Developer 9.7 | |
| IBM | IBM App Connect Enterprise <13.0.2.1 | |
| IBM | IBM Rational Business Developer 9.6 | |
| HCL | HCL BigFix WebUI Applications | |
| IBM | IBM License Metric Tool <9.2.39 | |
| Red Hat | Red Hat Enterprise Linux |
Exploit Intelligence
- pnpm-workspace.yaml (github-poc)
- pnpm-workspace.yaml (github-poc)
- pnpm-workspace.yaml (github-poc)
- pnpm-workspace.yaml (github-poc)
- pnpm-workspace.yaml (github-poc)
- pnpm-workspace.yaml (github-poc)
- pnpm-workspace.yaml (github-poc)
- pnpm-workspace.yaml (github-poc)
- pnpm-workspace.yaml (github-poc)
- pnpm-workspace.yaml (github-poc)
…and 2 more exploits
Timeline
- Jan 21, 1970 Security Advisory
- Dec 5, 2024 CVE Published
- Dec 7, 2024 EPSS Score
- Dec 24, 2024 EPSS Score
- Jan 10, 2025 EPSS Score
- Jan 27, 2025 EPSS Score
- Jan 30, 2025 Coalition ESS Score
- Feb 12, 2025 EPSS Score
- Mar 1, 2025 EPSS Score
- Mar 18, 2025 EPSS Score
- Apr 4, 2025 EPSS Score
- Apr 21, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0043.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0043 advisory
- https://www.ibm.com/support/pages/node/7180725 advisory
- https://www.ibm.com/support/pages/node/7181570 advisory
- https://www.ibm.com/support/pages/node/7181915 advisory
- https://access.redhat.com/errata/RHSA-2025:0892 advisory
- https://access.redhat.com/errata/RHSA-2025:1051 advisory
- https://www.ibm.com/support/pages/node/7184092 advisory
- https://www.ibm.com/support/pages/node/7184955 advisory
- https://www.ibm.com/support/pages/node/7186423 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0264.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0264 advisory
- https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118718 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0504.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0504 advisory
- https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119678 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0580.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0580 advisory
- https://www.ibm.com/support/pages/node/7186586 advisory
- https://advisories.gitlab.com/pkg/gem/rack/CVE-2025-25184/ advisory
…and 3 more