Vulnerability details: VCID-pdh7-4hjp-aaan
Vulnerability ID VCID-pdh7-4hjp-aaan
Aliases CVE-2023-4639
GHSA-3jrv-jgp8-45v3
Summary undertow: Cookie Smuggling/Spoofing
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (3)
System Score Found at
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1674
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1674
ssvc Track https://access.redhat.com/errata/RHSA-2024:1674
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1675
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1675
ssvc Track https://access.redhat.com/errata/RHSA-2024:1675
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1676
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1676
ssvc Track https://access.redhat.com/errata/RHSA-2024:1676
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1677
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1677
ssvc Track https://access.redhat.com/errata/RHSA-2024:1677
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:2763
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:2763
ssvc Track https://access.redhat.com/errata/RHSA-2024:2763
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:2764
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:2764
ssvc Track https://access.redhat.com/errata/RHSA-2024:2764
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:3919
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:3919
ssvc Track https://access.redhat.com/errata/RHSA-2024:3919
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4639.json
cvssv3.1 7.4 https://access.redhat.com/security/cve/CVE-2023-4639
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2023-4639
ssvc Track https://access.redhat.com/security/cve/CVE-2023-4639
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2023-4639
epss 0.00203 https://api.first.org/data/v1/epss?cve=CVE-2023-4639
epss 0.00407 https://api.first.org/data/v1/epss?cve=CVE-2023-4639
epss 0.00434 https://api.first.org/data/v1/epss?cve=CVE-2023-4639
epss 0.00621 https://api.first.org/data/v1/epss?cve=CVE-2023-4639
epss 0.01146 https://api.first.org/data/v1/epss?cve=CVE-2023-4639
epss 0.01212 https://api.first.org/data/v1/epss?cve=CVE-2023-4639
epss 0.01309 https://api.first.org/data/v1/epss?cve=CVE-2023-4639
epss 0.01331 https://api.first.org/data/v1/epss?cve=CVE-2023-4639
cvssv3.1 7.4 https://bugzilla.redhat.com/show_bug.cgi?id=2166022
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2166022
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2166022
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-3jrv-jgp8-45v3
cvssv3.1 7.4 https://github.com/undertow-io/undertow
generic_textual HIGH https://github.com/undertow-io/undertow
cvssv3.1 7.4 https://github.com/undertow-io/undertow/commit/1f93a979d2ac264798e5779b5b7172dfafe0066f
generic_textual HIGH https://github.com/undertow-io/undertow/commit/1f93a979d2ac264798e5779b5b7172dfafe0066f
cvssv3 7.4 https://nvd.nist.gov/vuln/detail/CVE-2023-4639
cvssv3.1 7.4 https://nvd.nist.gov/vuln/detail/CVE-2023-4639
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-4639
cvssv3.1 7.4 https://security.netapp.com/advisory/ntap-20250207-0001
generic_textual HIGH https://security.netapp.com/advisory/ntap-20250207-0001
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:1674
https://access.redhat.com/errata/RHSA-2024:1675
https://access.redhat.com/errata/RHSA-2024:1676
https://access.redhat.com/errata/RHSA-2024:1677
https://access.redhat.com/errata/RHSA-2024:2763
https://access.redhat.com/errata/RHSA-2024:2764
https://access.redhat.com/errata/RHSA-2024:3919
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4639.json
https://access.redhat.com/security/cve/CVE-2023-4639
https://api.first.org/data/v1/epss?cve=CVE-2023-4639
https://github.com/undertow-io/undertow
https://github.com/undertow-io/undertow/commit/1f93a979d2ac264798e5779b5b7172dfafe0066f
https://nvd.nist.gov/vuln/detail/CVE-2023-4639
https://security.netapp.com/advisory/ntap-20250207-0001
https://security.netapp.com/advisory/ntap-20250207-0001/
1063539 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063539
2166022 https://bugzilla.redhat.com/show_bug.cgi?id=2166022
cpe:/a:redhat:camel_quarkus:2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
cpe:/a:redhat:camel_spring_boot:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
cpe:/a:redhat:integration:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
cpe:/a:redhat:jboss_data_grid:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_data_grid:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
cpe:/a:redhat:jboss_enterprise_application_platform:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_enterprise_brms_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
cpe:/a:redhat:jboss_fuse:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
cpe:/a:redhat:jboss_fuse:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:jboss_fuse_service_works:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
cpe:/a:redhat:migration_toolkit_applications:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
cpe:/a:redhat:quarkus:2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
cpe:/a:redhat:red_hat_single_sign_on:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
cpe:/a:redhat:service_registry:2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
GHSA-3jrv-jgp8-45v3 https://github.com/advisories/GHSA-3jrv-jgp8-45v3
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2024:1674
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/ Found at https://access.redhat.com/errata/RHSA-2024:1674
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2024:1675
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/ Found at https://access.redhat.com/errata/RHSA-2024:1675
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2024:1676
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/ Found at https://access.redhat.com/errata/RHSA-2024:1676
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2024:1677
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/ Found at https://access.redhat.com/errata/RHSA-2024:1677
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2024:2763
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/ Found at https://access.redhat.com/errata/RHSA-2024:2763
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2024:2764
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/ Found at https://access.redhat.com/errata/RHSA-2024:2764
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2024:3919
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/ Found at https://access.redhat.com/errata/RHSA-2024:3919
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4639.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/security/cve/CVE-2023-4639
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/ Found at https://access.redhat.com/security/cve/CVE-2023-4639
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2166022
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2166022
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/undertow-io/undertow
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/undertow-io/undertow/commit/1f93a979d2ac264798e5779b5b7172dfafe0066f
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4639
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20250207-0001
Exploit Prediction Scoring System (EPSS)
Percentile 0.42015
EPSS Score 0.00098
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-02-09T07:45:31.796719+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4639.json 34.0.0rc2