VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-pfv7-q3ge-rfft

Essentials
Severities (62)
References (35)
Severity details (38)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-pfv7-q3ge-rfft
Aliases	CVE-2024-1459 GHSA-v76w-3ph8-vm66
Summary	Undertow Path Traversal vulnerability A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-24	Path Traversal: '../filedir'
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1674
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1674
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1674
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1675
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1675
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1675
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1676
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1676
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1676
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1677
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1677
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1677
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:2763
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:2763
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:2763
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:2764
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:2764
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:2764
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json
cvssv3.1	5.3	https://access.redhat.com/security/cve/CVE-2024-1459
generic_textual	MODERATE	https://access.redhat.com/security/cve/CVE-2024-1459
ssvc	Track	https://access.redhat.com/security/cve/CVE-2024-1459
epss	0.05424	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05424	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05424	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.05424	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
epss	0.07724	https://api.first.org/data/v1/epss?cve=CVE-2024-1459
cvssv3.1	5.3	https://bugzilla.redhat.com/show_bug.cgi?id=2259475
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=2259475
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2259475
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-v76w-3ph8-vm66
cvssv3.1	5.3	https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
generic_textual	MODERATE	https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
cvssv3.1	5.3	https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
generic_textual	MODERATE	https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
cvssv3.1	5.3	https://github.com/undertow-io/undertow/pull/1556
generic_textual	MODERATE	https://github.com/undertow-io/undertow/pull/1556
cvssv3.1	5.3	https://issues.redhat.com/browse/UNDERTOW-2339
generic_textual	MODERATE	https://issues.redhat.com/browse/UNDERTOW-2339
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2024-1459
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-1459
cvssv3.1	5.3	https://security.netapp.com/advisory/ntap-20241122-0008
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20241122-0008

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2024:1674
		https://access.redhat.com/errata/RHSA-2024:1675
		https://access.redhat.com/errata/RHSA-2024:1676
		https://access.redhat.com/errata/RHSA-2024:1677
		https://access.redhat.com/errata/RHSA-2024:2763
		https://access.redhat.com/errata/RHSA-2024:2764
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json
		https://access.redhat.com/security/cve/CVE-2024-1459
		https://api.first.org/data/v1/epss?cve=CVE-2024-1459
		https://bugzilla.redhat.com/show_bug.cgi?id=2259475
		https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
		https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
		https://github.com/undertow-io/undertow/pull/1556
		https://issues.redhat.com/browse/UNDERTOW-2339
		https://nvd.nist.gov/vuln/detail/CVE-2024-1459
		https://security.netapp.com/advisory/ntap-20241122-0008
		https://security.netapp.com/advisory/ntap-20241122-0008/
1068816		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816
cpe:2.3:a:redhat:undertow:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:-:::::::*
cpe:/a:redhat:jboss_data_grid:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_data_grid:8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8.0		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
cpe:/a:redhat:jboss_enterprise_bpms_platform:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_enterprise_brms_platform:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
cpe:/a:redhat:jboss_fuse:6		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
cpe:/a:redhat:jboss_fuse:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:quarkus:2		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
cpe:/a:redhat:red_hat_single_sign_on:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
GHSA-v76w-3ph8-vm66		https://github.com/advisories/GHSA-v76w-3ph8-vm66

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1674

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/ Found at https://access.redhat.com/errata/RHSA-2024:1674

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1675

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/ Found at https://access.redhat.com/errata/RHSA-2024:1675

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1676

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/ Found at https://access.redhat.com/errata/RHSA-2024:1676

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1677

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/ Found at https://access.redhat.com/errata/RHSA-2024:1677

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2763

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/ Found at https://access.redhat.com/errata/RHSA-2024:2763

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2764

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/ Found at https://access.redhat.com/errata/RHSA-2024:2764

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2024-1459

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/ Found at https://access.redhat.com/security/cve/CVE-2024-1459

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2259475

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2259475

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/undertow-io/undertow/pull/1556

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://issues.redhat.com/browse/UNDERTOW-2339

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-1459

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20241122-0008

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.89843
EPSS Score	0.05424
Published At	Aug. 1, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:32:33.746711+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-v76w-3ph8-vm66/GHSA-v76w-3ph8-vm66.json	37.0.0