CVE-2024-45719

EPSS 0.07%
Published 22.11.2024 15:15:10
Last modified 01.07.2025 20:29:14
Source security@apache.org
Teams watchlist Login
Open Login

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.0.

The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.
Users are recommended to upgrade to version 1.4.1, which fixes the issue.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Answer Version < 1.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.214

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	2.6	1	1.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2024/11/22/1

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-45719

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45719

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45719

EUVD