7.4
CVE-2024-10963
- EPSS 0.28%
- Veröffentlicht 07.11.2024 16:15:17
- Zuletzt bearbeitet 06.02.2025 06:15:29
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/linux-pam/linux-pam/
≫
Paket
pam
Default Statusunaffected
Version
1.3.1
Status
affected
Version
1.5.1
Status
affected
Version <
1.7.0
Version
1.6.0
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
Version <
*
Version
0:1.3.1-36.el8_10
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:1.5.1-22.el9_5
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:1.5.1-22.el9_5
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version <
*
Version
0:1.5.1-23.el9_4
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4.16
Default Statusaffected
Version <
*
Version
416.94.202411261619-0
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4.17
Default Statusaffected
Version <
*
Version
417.94.202411261220-0
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift AI 2.16
Default Statusaffected
Version <
*
Version
sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 6
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 7
Default Statusunaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.507 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.