VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-3xp2-cf3t-aaak

Essentials
Severities (119)
References (35)
Severity details (39)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-3xp2-cf3t-aaak
Aliases	CVE-2024-1459 GHSA-v76w-3ph8-vm66
Summary	undertow: directory traversal vulnerability
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-24	Path Traversal: '../filedir'
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1674
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:1674
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2024:1674
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1674
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1675
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:1675
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2024:1675
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1675
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1676
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:1676
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2024:1676
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1676
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1677
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:1677
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2024:1677
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1677
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:2763
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:2763
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:2764
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:2764
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json
cvssv3.1	5.3	https://access.redhat.com/security/cve/CVE-2024-1459
generic_textual	MODERATE	https://access.redhat.com/security/cve/CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.0209	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.02226	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.04052	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.04052	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.04052	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.04052	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.04052	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.04052	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05817	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.0584	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.0584	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.06015	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
cvssv3.1	5.3	https://bugzilla.redhat.com/show_bug.cgi?id=2259475
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=2259475
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-v76w-3ph8-vm66
cvssv3.1	5.3	https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
generic_textual	MODERATE	https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
cvssv3.1	5.3	https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
generic_textual	MODERATE	https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
cvssv3.1	5.3	https://github.com/undertow-io/undertow/pull/1556
generic_textual	MODERATE	https://github.com/undertow-io/undertow/pull/1556
cvssv3.1	5.3	https://issues.redhat.com/browse/UNDERTOW-2339
generic_textual	MODERATE	https://issues.redhat.com/browse/UNDERTOW-2339
cvssv3	5.3	https://nvd.nist.gov/vuln/detail/CVE-2024-1459
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2024-1459
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-1459
cvssv3.1	5.3	https://security.netapp.com/advisory/ntap-20241122-0008
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20241122-0008

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2024:1674
		https://access.redhat.com/errata/RHSA-2024:1675
		https://access.redhat.com/errata/RHSA-2024:1676
		https://access.redhat.com/errata/RHSA-2024:1677
		https://access.redhat.com/errata/RHSA-2024:2763
		https://access.redhat.com/errata/RHSA-2024:2764
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json
		https://access.redhat.com/security/cve/CVE-2024-1459
		https://api.first.org/data/v1/epss?cve=CVE-2024-1459
		https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
		https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
		https://github.com/undertow-io/undertow/pull/1556
		https://issues.redhat.com/browse/UNDERTOW-2339
		https://security.netapp.com/advisory/ntap-20241122-0008
		https://security.netapp.com/advisory/ntap-20241122-0008/
1068816		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816
2259475		https://bugzilla.redhat.com/show_bug.cgi?id=2259475
cpe:2.3:a:redhat:undertow:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:-:::::::*
cpe:/a:redhat:jboss_data_grid:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_data_grid:8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8.0		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
cpe:/a:redhat:jboss_enterprise_bpms_platform:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_enterprise_brms_platform:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
cpe:/a:redhat:jboss_fuse:6		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
cpe:/a:redhat:jboss_fuse:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:quarkus:2		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
cpe:/a:redhat:red_hat_single_sign_on:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
CVE-2024-1459		https://nvd.nist.gov/vuln/detail/CVE-2024-1459
GHSA-v76w-3ph8-vm66		https://github.com/advisories/GHSA-v76w-3ph8-vm66

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1674

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1674

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1675

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1675

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1676

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1676

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1677

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1677

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2763

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2764

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2024-1459

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2259475

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/undertow-io/undertow/pull/1556

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://issues.redhat.com/browse/UNDERTOW-2339

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-1459

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-1459

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20241122-0008

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.37402
EPSS Score	0.00086
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-02-13T00:05:36.613175+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json	34.0.0rc2