5.9

CVE-2024-30171

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerbouncycastle
Produkt bouncy_castle_for_java
Default Statusunknown
Version 0
Version < 1.78
Status affected
Herstellernetapp
Produkt active_iq_unified_manager
Default Statusunknown
Version 0
Version < *
Status affected
Herstellernetapp
Produkt bluexp
Default Statusunknown
Version 0
Version < *
Status affected
Herstellernetapp
Produkt ontap_tools
Default Statusunknown
Version 9
Status affected
Herstellernetapp
Produkt oncommand_workflow_automation
Default Statusunknown
Version 0
Version < *
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.9% 0.55
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

https://www.bouncycastle.org/latest_releases.html
https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
https://security.netapp.com/advisory/ntap-20240614-0008/