CWE-754
Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
CVE-2024-45650 (GCVE-0-2024-45650)
Vulnerability from cvelistv5 – Published: 2025-01-31 15:07 – Updated: 2025-01-31 15:24
VLAI
Title
IBM Security Verify Directory denial of service
Summary
IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation.
Severity
7.5 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Security Verify Directory |
Affected:
10.0.0 , ≤ 10.0.3
(semver)
cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_directory:10.0.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T15:24:19.672039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T15:24:33.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_directory:10.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Directory",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.3",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation."
}
],
"value": "IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T15:07:24.198Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7182169"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Directory denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45650",
"datePublished": "2025-01-31T15:07:24.198Z",
"dateReserved": "2024-09-03T13:50:26.295Z",
"dateUpdated": "2025-01-31T15:24:33.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47499 (GCVE-0-2024-47499)
Vulnerability from cvelistv5 – Published: 2024-10-11 15:30 – Updated: 2024-10-11 17:37
VLAI
Title
Junos OS and Junos OS Evolved: In a BMP scenario receipt of a malformed AS PATH attribute can cause an RPD crash
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving a BGP update with a specifically malformed AS PATH attribute over an established BGP session, can cause an RPD crash and restart.
This issue affects:
Junos OS:
* All versions before 21.2R3-S8,
* 21.4 versions before 21.4R3-S8,
* 22.2 versions before 22.2R3-S4,
* 22.3 versions before 22.3R3-S3,
* 22.4 versions before 22.4R3-S2,
* 23.2 versions before 23.2R2-S1,
* 23.4 versions before 23.4R1-S2, 23.4R2;
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.4 versions before 21.4R3-S8-EVO,
* 22.2 versions before 22.2R3-S4-EVO,
* 22.3 versions before 22.3R3-S3-EVO,
* 22.4 versions before 22.4R3-S2-EVO,
* 23.2 versions before 23.2R2-S1-EVO,
* 23.4 versions before 23.4R1-S2-EVO, 23.4R2-EVO.
Severity
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA88129 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S8
(semver)
Affected: 21.4 , < 21.4R3-S8 (semver) Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S2 (semver) Affected: 23.2 , < 23.2R2-S1 (semver) Affected: 23.4 , < 23.4R1-S2, 23.4R2 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 21.2R3-S8-EVO
(semver)
Affected: 21.4 , < 21.4R3-S8-EVO (semver) Affected: 22.2 , < 22.2R3-S4-EVO (semver) Affected: 22.3 , < 22.3R3-S3-EVO (semver) Affected: 22.4 , < 22.4R3-S2-EVO (semver) Affected: 23.2 , < 23.2R2-S1-EVO (semver) Affected: 23.4 , < 23.4R1-S2-EVO, 23.4R2-EVO (semver) |
Date Public
2024-10-09 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4r3-s8",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2-s1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s8-evo",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4r3-s8-evo",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4-evo",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s3-evo",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s2-evo",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2-s1-evo",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s2-evo",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r2-evo",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:31:56.746037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T17:37:24.608Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTo be exposed to this issue pre-policy for BMP needs to be configured at least once:\u003cbr\u003e[ protocols bgp ... bmp\u0026nbsp;\u003c/span\u003eroute-monitoring pre-policy ]\u003cbr\u003eor\u003cbr\u003e\n\n[ routing-options bmp ... route-monitoring pre-policy ]\u003cbr\u003e\n\n\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue pre-policy for BMP needs to be configured at least once:\n[ protocols bgp ... bmp\u00a0route-monitoring pre-policy ]\nor\n\n\n[ routing-options bmp ... route-monitoring pre-policy ]"
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\u0026nbsp;\u003cbr\u003e\u003cbr\u003eIn a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving a BGP update with a specifically malformed AS PATH attribute over an established BGP session, can cause an RPD crash and restart.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S8,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S4,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S3,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S2,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S1,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R1-S2, 23.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eJunos OS Evolved:\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8-EVO,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S3-EVO,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S2-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S1-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R1-S2-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\u00a0\n\nIn a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving a BGP update with a specifically malformed AS PATH attribute over an established BGP session, can cause an RPD crash and restart.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\n * 21.4 versions before 21.4R3-S8,\n * 22.2 versions before 22.2R3-S4,\n * 22.3 versions before 22.3R3-S3,\n * 22.4 versions before 22.4R3-S2,\n * 23.2 versions before 23.2R2-S1,\n * 23.4 versions before 23.4R1-S2, 23.4R2;\n\n\n\n\n\n\n\nJunos OS Evolved:\n\n\n\n\n * All versions before 21.2R3-S8-EVO,\n * 21.4 versions before 21.4R3-S8-EVO,\n * 22.2 versions before 22.2R3-S4-EVO,\n * 22.3 versions before 22.3R3-S3-EVO,\n * 22.4 versions before 22.4R3-S2-EVO,\n * 23.2 versions before 23.2R2-S1-EVO,\n * 23.4 versions before 23.4R1-S2-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T15:30:36.930Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA88129"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO,\n\nand all subsequent releases;\u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO,\n\nand all subsequent releases;\nJunos OS: 21.2R3-S8, 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA88129",
"defect": [
"1800905"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: In a BMP scenario receipt of a malformed AS PATH attribute can cause an RPD crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "As a work-around, the \"exclude-non-feasible\" knob can be configured to prevent the crash at:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... bmp route-monitoring pre-policy exclude-non-feasible ]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003eor\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e\u003cbr\u003e\n\n[ routing-options bmp ... route-monitoring pre-policy exclude-non-feasible ]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003edepending on where pre-policy is configured.\u003c/tt\u003e"
}
],
"value": "As a work-around, the \"exclude-non-feasible\" knob can be configured to prevent the crash at:\n\n[ protocols bgp ... bmp route-monitoring pre-policy exclude-non-feasible ]\n\nor\n\n\n\n[ routing-options bmp ... route-monitoring pre-policy exclude-non-feasible ]\n\ndepending on where pre-policy is configured."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-47499",
"datePublished": "2024-10-11T15:30:36.930Z",
"dateReserved": "2024-09-25T15:26:52.609Z",
"dateUpdated": "2024-10-11T17:37:24.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47503 (GCVE-0-2024-47503)
Vulnerability from cvelistv5 – Published: 2024-10-11 15:32 – Updated: 2024-10-11 17:26
VLAI
Title
Junos OS: SRX4600 and SRX5000 Series: Sequence of specific PIM packets causes a flowd crash
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Denial-of-Service (DoS).
If in a multicast scenario a sequence of
specific PIM packets is received, this will cause a flowd crash and restart, which leads to momentary service interruption.
This issue affects Junos OS on SRX 4600 and SRX 5000 Series:
* All versions before 21.4R3-S9,
* 22.2 versions before 22.2R3-S5,
* 22.3 versions before 22.3R3-S4,
* 22.4 versions before 22.4R3-S4,
* 23.2 versions before 23.2R2-S2,
* 23.4 versions before 23.4R2,
* 24.2 versions before 24.2R1-S1, 24.2R2.
Severity
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA88133 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S9
(semver)
Affected: 22.2 , < 22.2R3-S5 (semver) Affected: 22.3 , < 22.3R3-S4 (semver) Affected: 22.4 , < 22.4R3-S4 (semver) Affected: 23.2 , < 23.2R2-S2 (semver) Affected: 23.4 , < 23.4R2 (semver) Affected: 24.2 , < 24.2R1-S1, 24.2R2 (semver) |
Date Public
2024-10-09 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:26:00.812065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T17:26:09.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX 5000 Series",
"SRX 4600"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S4",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S1, 24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSRX4600 and\u0026nbsp;\u003c/span\u003eSRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIf in a multicast scenario a sequence of \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003especific\u0026nbsp;\u003c/span\u003ePIM packets is received, this will cause a flowd crash and restart, which leads to momentary service interruption.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX 4600 and SRX 5000 Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S9,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S5,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S4,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S4,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S2,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2,\u0026nbsp;\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R1-S1, 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and\u00a0SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Denial-of-Service (DoS).\n\nIf in a multicast scenario a sequence of \n\nspecific\u00a0PIM packets is received, this will cause a flowd crash and restart, which leads to momentary service interruption.\nThis issue affects Junos OS on SRX 4600 and SRX 5000 Series:\n\n\n\n * All versions before 21.4R3-S9,\n * 22.2 versions before 22.2R3-S5,\n * 22.3 versions before 22.3R3-S4,\n * 22.4 versions before 22.4R3-S4,\n * 23.2 versions before 23.2R2-S2,\n * 23.4 versions before 23.4R2,\u00a0\n * 24.2 versions before 24.2R1-S1, 24.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T15:32:17.727Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA88133"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5*, 22.3R3-S4*, 22.4R3-S4, 23.2R2-S2, 23.4R2, 24.2R1-S1, 24.2R2*, 24.4R1*, and all subsequent releases.\u003cbr\u003e\n\n(* future release)"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5*, 22.3R3-S4*, 22.4R3-S4, 23.2R2-S2, 23.4R2, 24.2R1-S1, 24.2R2*, 24.4R1*, and all subsequent releases.\n\n\n(* future release)"
}
],
"source": {
"advisory": "JSA88133",
"defect": [
"1820291"
],
"discovery": "USER"
},
"title": "Junos OS: SRX4600 and SRX5000 Series: Sequence of specific PIM packets causes a flowd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-47503",
"datePublished": "2024-10-11T15:32:17.727Z",
"dateReserved": "2024-09-25T15:26:52.610Z",
"dateUpdated": "2024-10-11T17:26:09.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47507 (GCVE-0-2024-47507)
Vulnerability from cvelistv5 – Published: 2024-10-11 15:38 – Updated: 2024-10-11 17:13
VLAI
Title
Junos OS and Junos OS Evolved: BGP update message containing aggregator attribute with an ASN value of zero (0) is accepted
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices.
When a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this.
This issue affects:
Junos OS:
* All versions before 21.4R3-S6,
* 22.2 versions before 22.2R3-S3,
* 22.4 versions before 22.4R3;
Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* 22.2 versions before 22.2R3-S4-EVO,
* 22.4 versions before 22.4R3-EVO.
Severity
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA88138 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S6
(semver)
Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.4 , < 22.4R3 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 21.4R3-S7-EVO
(semver)
Affected: 22.2 , < 22.2R3-S4-EVO (semver) Affected: 22.4 , < 22.4R3-EVO (semver) |
Date Public
2024-10-09 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7-evo",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4-evo",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4r3-evo",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:08:39.369289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T17:13:40.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue a minimal BGP configuration like the following is required:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp group \u0026lt;name\u0026gt; neighbor ... ]\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue a minimal BGP configuration like the following is required:\n\n[ protocols bgp group \u003cname\u003e neighbor ... ]"
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices.\u003cbr\u003e\u003cbr\u003eWhen a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S6,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S3,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices.\n\nWhen a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this.\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 21.4R3-S6,\n * 22.2 versions before 22.2R3-S3,\n * 22.4 versions before 22.4R3;\u00a0\n\n\n\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S7-EVO,\n * 22.2 versions before 22.2R3-S4-EVO,\n * 22.4 versions before 22.4R3-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T15:38:16.861Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA88138"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases;\u003cbr\u003eJunos OS: 21.4R3-S6, 22.1R3-S6, 22.2R3-S3, 22.4R3, 23.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases;\nJunos OS: 21.4R3-S6, 22.1R3-S6, 22.2R3-S3, 22.4R3, 23.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA88138",
"defect": [
"1708088"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: BGP update message containing aggregator attribute with an ASN value of zero (0) is accepted",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-47507",
"datePublished": "2024-10-11T15:38:16.861Z",
"dateReserved": "2024-09-25T15:26:52.610Z",
"dateUpdated": "2024-10-11T17:13:40.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51470 (GCVE-0-2024-51470)
Vulnerability from cvelistv5 – Published: 2024-12-18 19:56 – Updated: 2024-12-18 20:24
VLAI
Title
IBM MQ denial of service
Summary
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
Severity
6.5 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7179137 | vendor-advisory |
| https://www.ibm.com/support/pages/node/7178085 | vendor-advisory |
| https://www.ibm.com/support/pages/node/7177593 | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | MQ |
Affected:
9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:* |
|
| IBM | MQ Appliance |
Affected:
9.3 LTS, 9.3 CD, 9.4 LTS
cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:* |
|
| IBM | MQ for HPE NonStop |
Affected:
8.1.0 , ≤ 8.1.0.25
(semver)
cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T20:24:17.133411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T20:24:38.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.3 LTS, 9.3 CD, 9.4 LTS"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ for HPE NonStop",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.1.0.25",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e"
}
],
"value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T19:56:10.377Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7179137"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7178085"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7177593"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-51470",
"datePublished": "2024-12-18T19:56:10.377Z",
"dateReserved": "2024-10-28T10:50:18.700Z",
"dateUpdated": "2024-12-18T20:24:38.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52504 (GCVE-0-2024-52504)
Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 19:15
VLAI
Summary
A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC 4 7SD5 (All versions < V4.78), SIPROTEC 4 7SD610 (All versions < V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted.
Severity
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
Impacted products
29 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIPROTEC 4 6MD61 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 6MD63 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 6MD66 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 6MD665 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7SA522 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7SA6 |
Affected:
0 , < V4.78
(custom)
|
|
| Siemens | SIPROTEC 4 7SD5 |
Affected:
0 , < V4.78
(custom)
|
|
| Siemens | SIPROTEC 4 7SD610 |
Affected:
0 , < V4.78
(custom)
|
|
| Siemens | SIPROTEC 4 7SJ61 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7SJ62 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7SJ63 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7SJ64 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7SJ66 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7SS52 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7ST6 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7UM61 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7UM62 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7UT612 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7UT613 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7UT63 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7VE6 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7VK61 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 7VU683 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 Compact 7RW80 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 Compact 7SD80 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 Compact 7SJ80 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 Compact 7SJ81 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 Compact 7SK80 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPROTEC 4 Compact 7SK81 |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:09:20.387727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:15:53.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 6MD61",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 6MD63",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 6MD66",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 6MD665",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7SA522",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7SA6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7SD5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7SD610",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7SJ61",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7SJ62",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7SJ63",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7SJ64",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7SJ66",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7SS52",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7ST6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7UM61",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7UM62",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7UT612",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7UT613",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7UT63",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7VE6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7VK61",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 7VU683",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 Compact 7RW80",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 Compact 7SD80",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 Compact 7SJ80",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 Compact 7SJ81",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 Compact 7SK80",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 4 Compact 7SK81",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions \u003c V4.78), SIPROTEC 4 7SD5 (All versions \u003c V4.78), SIPROTEC 4 7SD610 (All versions \u003c V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:16:48.226Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-400089.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-52504",
"datePublished": "2025-08-12T11:16:48.226Z",
"dateReserved": "2024-11-11T08:11:56.754Z",
"dateUpdated": "2025-08-12T19:15:53.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52895 (GCVE-0-2024-52895)
Vulnerability from cvelistv5 – Published: 2025-02-14 14:36 – Updated: 2025-02-14 15:01
VLAI
Title
IBM i denial of service
Summary
IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database.
Severity
6.5 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7183052 | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T15:01:42.964479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T15:01:56.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database."
}
],
"value": "IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T14:36:21.990Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7183052"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-52895",
"datePublished": "2025-02-14T14:36:21.990Z",
"dateReserved": "2024-11-17T14:25:44.935Z",
"dateUpdated": "2025-02-14T15:01:56.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54114 (GCVE-0-2024-54114)
Vulnerability from cvelistv5 – Published: 2024-12-12 12:10 – Updated: 2024-12-12 15:43
VLAI
Summary
Out-of-bounds access vulnerability in playback in the DASH module
Impact: Successful exploitation of this vulnerability will affect availability.
Severity
4.4 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T15:20:59.125975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T15:43:49.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds access vulnerability in playback in the DASH module\u003cbr\u003eImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"value": "Out-of-bounds access vulnerability in playback in the DASH module\nImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T12:10:28.427Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2024-54114",
"datePublished": "2024-12-12T12:10:28.427Z",
"dateReserved": "2024-11-29T02:34:46.791Z",
"dateUpdated": "2024-12-12T15:43:49.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54115 (GCVE-0-2024-54115)
Vulnerability from cvelistv5 – Published: 2024-12-12 12:11 – Updated: 2024-12-12 15:43
VLAI
Summary
Out-of-bounds read vulnerability in the DASH module
Impact: Successful exploitation of this vulnerability will affect availability.
Severity
4.3 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T15:20:56.685373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T15:43:42.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds read vulnerability in the DASH module\u003cbr\u003eImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"value": "Out-of-bounds read vulnerability in the DASH module\nImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T12:11:32.505Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2024-54115",
"datePublished": "2024-12-12T12:11:32.505Z",
"dateReserved": "2024-11-29T02:34:46.791Z",
"dateUpdated": "2024-12-12T15:43:42.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54116 (GCVE-0-2024-54116)
Vulnerability from cvelistv5 – Published: 2024-12-12 12:12 – Updated: 2024-12-12 15:43
VLAI
Summary
Out-of-bounds read vulnerability in the M3U8 module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
Severity
4.3 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T15:20:54.278097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T15:43:21.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds read vulnerability in the M3U8 module\u003cbr\u003eImpact: Successful exploitation of this vulnerability may cause features to perform abnormally."
}
],
"value": "Out-of-bounds read vulnerability in the M3U8 module\nImpact: Successful exploitation of this vulnerability may cause features to perform abnormally."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T12:12:38.715Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2024-54116",
"datePublished": "2024-12-12T12:12:38.715Z",
"dateReserved": "2024-11-29T02:34:46.791Z",
"dateUpdated": "2024-12-12T15:43:21.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-3
Phase: Requirements
Strategy: Language Selection
Description:
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248).
Mitigation
Phase: Implementation
Description:
- Check the results of all functions that return a value and verify that the value is expected.
Mitigation
Phase: Implementation
Description:
- If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).
Mitigation ID: MIT-39
Phase: Implementation
Description:
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
- Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS.
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation ID: MIT-38
Phases: Architecture and Design, Implementation
Description:
- If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.
Mitigation
Phase: Architecture and Design
Description:
- Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.
No CAPEC attack patterns related to this CWE.