CVE-2024-1965

EPSS 0.05%
Veröffentlicht 28.02.2024 13:15:07
Zuletzt bearbeitet 10.04.2025 19:26:56
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Server-Side Request Forgery vulnerability in Haivision's Aviwest Manager and Aviwest Steamhub. This vulnerability could allow an attacker to enumerate internal network configuration without the need for credentials. An attacker could compromise an internal server and retrieve requests sent by other users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Haivision ≫ Maanager

Haivision ≫ Streamhub

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.139

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cve-coordination@incibe.es	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-vulnerability-haivision-products

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-1965

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1965

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1965

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-1965