Vulnerability details: VCID-5kpp-fmnn-aaaa
Vulnerability ID VCID-5kpp-fmnn-aaaa
Aliases CVE-2024-3653
GHSA-ch7q-gpff-h9hp
Summary undertow: LearningPushHandler can lead to remote memory DoS attacks
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (3)
System Score Found at
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:4392
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:4392
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:4392
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:4392
ssvc Track https://access.redhat.com/errata/RHSA-2024:4392
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5143
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:5143
ssvc Track https://access.redhat.com/errata/RHSA-2024:5143
ssvc Track https://access.redhat.com/errata/RHSA-2024:5143
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5144
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:5144
ssvc Track https://access.redhat.com/errata/RHSA-2024:5144
ssvc Track https://access.redhat.com/errata/RHSA-2024:5144
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5145
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:5145
ssvc Track https://access.redhat.com/errata/RHSA-2024:5145
ssvc Track https://access.redhat.com/errata/RHSA-2024:5145
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5147
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:5147
ssvc Track https://access.redhat.com/errata/RHSA-2024:5147
ssvc Track https://access.redhat.com/errata/RHSA-2024:5147
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:6437
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6437
ssvc Track https://access.redhat.com/errata/RHSA-2024:6437
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3653.json
cvssv3.1 5.3 https://access.redhat.com/security/cve/CVE-2024-3653
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2024-3653
ssvc Track https://access.redhat.com/security/cve/CVE-2024-3653
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.00724 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.00784 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.00919 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.0092 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.04206 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.04435 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.04785 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.05473 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.05563 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.05932 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
epss 0.19139 https://api.first.org/data/v1/epss?cve=CVE-2024-3653
cvssv3.1 5.3 https://bugzilla.redhat.com/show_bug.cgi?id=2274437
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2274437
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2274437
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-ch7q-gpff-h9hp
cvssv3.1 5.3 https://github.com/undertow-io/undertow
cvssv3.1 7.5 https://github.com/undertow-io/undertow
generic_textual HIGH https://github.com/undertow-io/undertow
generic_textual MODERATE https://github.com/undertow-io/undertow
cvssv3.1 5.3 https://github.com/undertow-io/undertow/pull/1639
generic_textual MODERATE https://github.com/undertow-io/undertow/pull/1639
cvssv3.1 5.3 https://github.com/undertow-io/undertow/pull/1640
generic_textual MODERATE https://github.com/undertow-io/undertow/pull/1640
cvssv3.1 5.3 https://github.com/undertow-io/undertow/pull/1641
generic_textual MODERATE https://github.com/undertow-io/undertow/pull/1641
cvssv3.1 5.3 https://issues.redhat.com/browse/UNDERTOW-2382
generic_textual MODERATE https://issues.redhat.com/browse/UNDERTOW-2382
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-3653
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-3653
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:4392
https://access.redhat.com/errata/RHSA-2024:6437
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3653.json
https://access.redhat.com/security/cve/CVE-2024-3653
https://api.first.org/data/v1/epss?cve=CVE-2024-3653
https://github.com/undertow-io/undertow
https://github.com/undertow-io/undertow/pull/1639
https://github.com/undertow-io/undertow/pull/1640
https://github.com/undertow-io/undertow/pull/1641
https://issues.redhat.com/browse/UNDERTOW-2382
https://security.netapp.com/advisory/ntap-20240828-0002/
1077547 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077547
2274437 https://bugzilla.redhat.com/show_bug.cgi?id=2274437
cpe:/a:redhat:amq_streams:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1
cpe:/a:redhat:apache_camel_hawtio:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
cpe:/a:redhat:build_keycloak: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
cpe:/a:redhat:build_keycloak:22 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:camel_quarkus:2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
cpe:/a:redhat:camel_quarkus:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:3
cpe:/a:redhat:camel_spring_boot:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
cpe:/a:redhat:camel_spring_boot:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4
cpe:/a:redhat:integration:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
cpe:/a:redhat:jboss_data_grid:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_data_grid:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
cpe:/a:redhat:jbosseapxp https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_fuse:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:jboss_fuse_service_works:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
cpe:/a:redhat:optaplanner:::el6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6
cpe:/a:redhat:quarkus:2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
cpe:/a:redhat:quarkus:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
cpe:/a:redhat:quarkus:3.8::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3.8::el8
cpe:/a:redhat:red_hat_single_sign_on:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
cpe:/a:redhat:rhboac_hawtio:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4
cpe:/a:redhat:serverless:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
cpe:/a:redhat:service_registry:2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
CVE-2024-3653 https://nvd.nist.gov/vuln/detail/CVE-2024-3653
GHSA-ch7q-gpff-h9hp https://github.com/advisories/GHSA-ch7q-gpff-h9hp
RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143
RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144
RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145
RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:4392
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:4392
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/ Found at https://access.redhat.com/errata/RHSA-2024:4392
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5143
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5143

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/ Found at https://access.redhat.com/errata/RHSA-2024:5143
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5144
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5144

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/ Found at https://access.redhat.com/errata/RHSA-2024:5144
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5145
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5145

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/ Found at https://access.redhat.com/errata/RHSA-2024:5145
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5147
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/ Found at https://access.redhat.com/errata/RHSA-2024:5147

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5147
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:6437
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/ Found at https://access.redhat.com/errata/RHSA-2024:6437
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3653.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/security/cve/CVE-2024-3653
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/ Found at https://access.redhat.com/security/cve/CVE-2024-3653
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2274437
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2274437
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/undertow-io/undertow
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/undertow-io/undertow/pull/1639
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/undertow-io/undertow/pull/1640
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/undertow-io/undertow/pull/1641
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://issues.redhat.com/browse/UNDERTOW-2382
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-3653
Exploit Prediction Scoring System (EPSS)
Percentile 0.14083
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-07-09T04:08:19.091588+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3653.json 34.0.0rc4