Vulnerability details: VCID-aekd-gxd5-aaab
Vulnerability ID VCID-aekd-gxd5-aaab
Aliases CVE-2024-6162, GHSA-9442-gm4v-r222
Summary undertow: url-encoded request path information can be broken on ajp-listener
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (4)
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1194
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1194
ssvc Track https://access.redhat.com/errata/RHSA-2024:1194
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:4386
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:4386
ssvc Track https://access.redhat.com/errata/RHSA-2024:4386
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:4884
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:4884
ssvc Track https://access.redhat.com/errata/RHSA-2024:4884
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6162.json
cvssv3.1 7.5 https://access.redhat.com/security/cve/CVE-2024-6162
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2024-6162
ssvc Track https://access.redhat.com/security/cve/CVE-2024-6162
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-6162
epss 0.01655 https://api.first.org/data/v1/epss?cve=CVE-2024-6162
epss 0.0176 https://api.first.org/data/v1/epss?cve=CVE-2024-6162
epss 0.05725 https://api.first.org/data/v1/epss?cve=CVE-2024-6162
epss 0.07302 https://api.first.org/data/v1/epss?cve=CVE-2024-6162
epss 0.07585 https://api.first.org/data/v1/epss?cve=CVE-2024-6162
epss 0.07845 https://api.first.org/data/v1/epss?cve=CVE-2024-6162
epss 0.18798 https://api.first.org/data/v1/epss?cve=CVE-2024-6162
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2293069
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2293069
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2293069
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-9442-gm4v-r222
cvssv3.1 7.5 https://github.com/undertow-io/undertow
generic_textual HIGH https://github.com/undertow-io/undertow
cvssv3.1 7.5 https://github.com/undertow-io/undertow/commit/90f202ada89b6d9883beed0f1fe10c99d470d9a8
generic_textual HIGH https://github.com/undertow-io/undertow/commit/90f202ada89b6d9883beed0f1fe10c99d470d9a8
cvssv3.1 7.5 https://github.com/undertow-io/undertow/commit/a28ac53076e2fa532266d25e0c0b1a01d0e9d2cf
generic_textual HIGH https://github.com/undertow-io/undertow/commit/a28ac53076e2fa532266d25e0c0b1a01d0e9d2cf
cvssv3.1 7.5 https://github.com/undertow-io/undertow/pull/1612
generic_textual HIGH https://github.com/undertow-io/undertow/pull/1612
cvssv3.1 7.5 https://github.com/undertow-io/undertow/releases/tag/2.2.33.Final
generic_textual HIGH https://github.com/undertow-io/undertow/releases/tag/2.2.33.Final
cvssv3.1 7.5 https://github.com/undertow-io/undertow/releases/tag/2.3.14.Final
generic_textual HIGH https://github.com/undertow-io/undertow/releases/tag/2.3.14.Final
cvssv3.1 7.5 https://issues.redhat.com/browse/JBEAP-26268
generic_textual HIGH https://issues.redhat.com/browse/JBEAP-26268
ssvc Track https://issues.redhat.com/browse/JBEAP-26268
cvssv3.1 7.5 https://issues.redhat.com/browse/UNDERTOW-2334
generic_textual HIGH https://issues.redhat.com/browse/UNDERTOW-2334
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-6162
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-6162
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20241129-0009
generic_textual HIGH https://security.netapp.com/advisory/ntap-20241129-0009
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:4884
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6162.json
https://access.redhat.com/security/cve/CVE-2024-6162
https://api.first.org/data/v1/epss?cve=CVE-2024-6162
https://github.com/undertow-io/undertow
https://github.com/undertow-io/undertow/commit/90f202ada89b6d9883beed0f1fe10c99d470d9a8
https://github.com/undertow-io/undertow/commit/a28ac53076e2fa532266d25e0c0b1a01d0e9d2cf
https://github.com/undertow-io/undertow/pull/1612
https://github.com/undertow-io/undertow/releases/tag/2.2.33.Final
https://github.com/undertow-io/undertow/releases/tag/2.3.14.Final
https://issues.redhat.com/browse/JBEAP-26268
https://issues.redhat.com/browse/UNDERTOW-2334
https://nvd.nist.gov/vuln/detail/CVE-2024-6162
https://security.netapp.com/advisory/ntap-20241129-0009
https://security.netapp.com/advisory/ntap-20241129-0009/
1077546 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077546
2293069 https://bugzilla.redhat.com/show_bug.cgi?id=2293069
cpe:/a:redhat:apache_camel_hawtio:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
cpe:/a:redhat:apache_camel_spring_boot:4.4.1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.1
cpe:/a:redhat:apache_camel_spring_boot:4.4::el6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
cpe:/a:redhat:build_keycloak: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
cpe:/a:redhat:build_keycloak:22 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:camel_spring_boot:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
cpe:/a:redhat:integration:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
cpe:/a:redhat:jboss_data_grid:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_data_grid:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
cpe:/a:redhat:jbosseapxp https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
cpe:/a:redhat:jboss_enterprise_application_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
cpe:/a:redhat:jboss_enterprise_application_platform:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_fuse:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:red_hat_single_sign_on:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
cpe:/a:redhat:rhboac_hawtio:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4
GHSA-9442-gm4v-r222 https://github.com/advisories/GHSA-9442-gm4v-r222
RHSA-2024:1194 https://access.redhat.com/errata/RHSA-2024:1194
RHSA-2024:4386 https://access.redhat.com/errata/RHSA-2024:4386
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1194
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/ Found at https://access.redhat.com/errata/RHSA-2024:1194
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:4386
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/ Found at https://access.redhat.com/errata/RHSA-2024:4386
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:4884
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/ Found at https://access.redhat.com/errata/RHSA-2024:4884
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6162.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-6162
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/ Found at https://access.redhat.com/security/cve/CVE-2024-6162
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2293069
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2293069
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/90f202ada89b6d9883beed0f1fe10c99d470d9a8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/a28ac53076e2fa532266d25e0c0b1a01d0e9d2cf
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/pull/1612
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/releases/tag/2.2.33.Final
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/releases/tag/2.3.14.Final
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://issues.redhat.com/browse/JBEAP-26268
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/ Found at https://issues.redhat.com/browse/JBEAP-26268
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://issues.redhat.com/browse/UNDERTOW-2334
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-6162
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20241129-0009
Exploit Prediction Scoring System (EPSS)
Percentile 0.11214
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-06-20T16:46:15.872935+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6162.json 34.0.0rc4