Vulnerability details: VCID-5w7z-gku5-aaad
Vulnerability ID VCID-5w7z-gku5-aaad
Aliases CVE-2024-1635
GHSA-w6qf-42m7-vh68
Summary A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens a connection to the HTTP port of the server and then closes it immediately, the server will eventually exhaust both its memory and its open file limits, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer around the remoting connection. The remoting connection is unaware of this outermost layer when it is closed during the connection opening procedure, so the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to the XNIO WorkerThread. The WorkerThread therefore holds a reference to the Undertow conduit, which contains the connections, and this causes the leak.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1674
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1674
ssvc Track https://access.redhat.com/errata/RHSA-2024:1674
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1675
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1675
ssvc Track https://access.redhat.com/errata/RHSA-2024:1675
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1676
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1676
ssvc Track https://access.redhat.com/errata/RHSA-2024:1676
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1677
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1677
ssvc Track https://access.redhat.com/errata/RHSA-2024:1677
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1860
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1860
ssvc Track https://access.redhat.com/errata/RHSA-2024:1860
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1861
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1861
ssvc Track https://access.redhat.com/errata/RHSA-2024:1861
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1862
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1862
ssvc Track https://access.redhat.com/errata/RHSA-2024:1862
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1864
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1864
ssvc Track https://access.redhat.com/errata/RHSA-2024:1864
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1866
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1866
ssvc Track https://access.redhat.com/errata/RHSA-2024:1866
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:3354
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:3354
ssvc Track https://access.redhat.com/errata/RHSA-2024:3354
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:4884
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:4884
ssvc Track https://access.redhat.com/errata/RHSA-2024:4884
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2025:4226
generic_textual HIGH https://access.redhat.com/errata/RHSA-2025:4226
ssvc Track https://access.redhat.com/errata/RHSA-2025:4226
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1635.json
cvssv3.1 7.5 https://access.redhat.com/security/cve/CVE-2024-1635
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2024-1635
ssvc Track https://access.redhat.com/security/cve/CVE-2024-1635
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
epss 0.01268 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
epss 0.01435 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
epss 0.01881 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
epss 0.05955 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
epss 0.0833 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
epss 0.08538 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
epss 0.10466 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
epss 0.11046 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
epss 0.63277 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
epss 0.71843 https://api.first.org/data/v1/epss?cve=CVE-2024-1635
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2264928
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2264928
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2264928
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-w6qf-42m7-vh68
cvssv3.1 7.5 https://github.com/undertow-io/undertow
generic_textual HIGH https://github.com/undertow-io/undertow
cvssv3.1 7.5 https://github.com/undertow-io/undertow/commit/3cdb104e225f34547ce9fd6eb8799eb68e040f19
generic_textual HIGH https://github.com/undertow-io/undertow/commit/3cdb104e225f34547ce9fd6eb8799eb68e040f19
cvssv3.1 7.5 https://github.com/undertow-io/undertow/commit/7d388c5aae9b82afb63f24e3b6a2044838dfb4de
generic_textual HIGH https://github.com/undertow-io/undertow/commit/7d388c5aae9b82afb63f24e3b6a2044838dfb4de
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-1635
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-1635
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20240322-0007
generic_textual HIGH https://security.netapp.com/advisory/ntap-20240322-0007
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:1674
https://access.redhat.com/errata/RHSA-2024:1675
https://access.redhat.com/errata/RHSA-2024:1676
https://access.redhat.com/errata/RHSA-2024:1677
https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:4884
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1635.json
https://access.redhat.com/security/cve/CVE-2024-1635
https://api.first.org/data/v1/epss?cve=CVE-2024-1635
https://bugzilla.redhat.com/show_bug.cgi?id=2264928
https://github.com/undertow-io/undertow
https://github.com/undertow-io/undertow/commit/3cdb104e225f34547ce9fd6eb8799eb68e040f19
https://github.com/undertow-io/undertow/commit/7d388c5aae9b82afb63f24e3b6a2044838dfb4de
https://security.netapp.com/advisory/ntap-20240322-0007
https://security.netapp.com/advisory/ntap-20240322-0007/
1068817 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068817
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:/a:redhat:amq_streams:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1
cpe:/a:redhat:apache_camel_spring_boot:4.4.1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.1
cpe:/a:redhat:apache_camel_spring_boot:4.4::el6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
cpe:/a:redhat:build_keycloak: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
cpe:/a:redhat:build_keycloak:22 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:camel_quarkus:2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
cpe:/a:redhat:camel_quarkus:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:3
cpe:/a:redhat:camel_spring_boot:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
cpe:/a:redhat:camel_spring_boot:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4
cpe:/a:redhat:integration:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
cpe:/a:redhat:jboss_data_grid:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_data_grid:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_fuse:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:jboss_fuse_service_works:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
cpe:/a:redhat:optaplanner:::el6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6
cpe:/a:redhat:quarkus:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
cpe:/a:redhat:red_hat_single_sign_on:7.6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
cpe:/a:redhat:rhosemc:1.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
cpe:/a:redhat:serverless:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
cpe:/a:redhat:service_registry:2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
CVE-2024-1635 https://nvd.nist.gov/vuln/detail/CVE-2024-1635
GHSA-w6qf-42m7-vh68 https://github.com/advisories/GHSA-w6qf-42m7-vh68
RHSA-2024:3354 https://access.redhat.com/errata/RHSA-2024:3354
RHSA-2025:4226 https://access.redhat.com/errata/RHSA-2025:4226
RHSA-2025:9583 https://access.redhat.com/errata/RHSA-2025:9583
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1674
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:1674
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1675
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:1675
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1676
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:1676
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1677
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:1677
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1860
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:1860
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1861
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:1861
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1862
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:1862
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1864
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:1864
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1866
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:1866
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:3354
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:3354
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:4884
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:4884
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:4226
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/errata/RHSA-2025:4226
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1635.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-1635
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://access.redhat.com/security/cve/CVE-2024-1635
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2264928
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2264928
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/3cdb104e225f34547ce9fd6eb8799eb68e040f19
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/7d388c5aae9b82afb63f24e3b6a2044838dfb4de
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-1635
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240322-0007
Exploit Prediction Scoring System (EPSS)
Percentile 0.14083
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:06.274676+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-1635 34.0.0rc4