5.3

CVE-2024-9620

EPSS 0.03%
Published 08.10.2024 17:15:57
Last modified 10.10.2024 12:56:30
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/ansible/ansible

≫

Package event-driven-automation

Default Statusaffected

Version < 2.4

Version 0

Status affected

VendorRed Hat

≫

Product Red Hat Ansible Automation Platform 2

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.053

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://access.redhat.com/security/cve/CVE-2024-9620

https://bugzilla.redhat.com/show_bug.cgi?id=2317129

https://nvd.nist.gov/vuln/detail/CVE-2024-9620

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9620

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9620

EUVD