CVE-2024-38808 - Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Apache Camel Spring Boot Ocp Tools

No data.

Package	CPE	Advisory	Released Date
OCP-Tools-4.12-RHEL-8
jenkins-0:2.462.3.1730119132-3.el8	cpe:/a:redhat:ocp_tools:4.12::el8	RHSA-2024:8886	2024-11-05T00:00:00Z
jenkins-2-plugins-0:4.12.1730119231-1.el8	cpe:/a:redhat:ocp_tools:4.12::el8	RHSA-2024:8886	2024-11-05T00:00:00Z
OCP-Tools-4.13-RHEL-8
jenkins-0:2.462.3.1729839924-3.el8	cpe:/a:redhat:ocp_tools:4.13::el8	RHSA-2024:8887	2024-11-05T00:00:00Z
jenkins-2-plugins-0:4.13.1729840148-1.el8	cpe:/a:redhat:ocp_tools:4.13::el8	RHSA-2024:8887	2024-11-05T00:00:00Z
OCP-Tools-4.14-RHEL-8
jenkins-0:2.462.3.1729839727-3.el8	cpe:/a:redhat:ocp_tools:4.14::el8	RHSA-2024:8885	2024-11-05T00:00:00Z
jenkins-2-plugins-0:4.14.1729839844-1.el8	cpe:/a:redhat:ocp_tools:4.14::el8	RHSA-2024:8885	2024-11-05T00:00:00Z
OCP-Tools-4.15-RHEL-8
jenkins-0:2.462.3.1729837947-3.el8	cpe:/a:redhat:ocp_tools:4.15::el8	RHSA-2024:8884	2024-11-05T00:00:00Z
jenkins-2-plugins-0:4.15.1729838165-1.el8	cpe:/a:redhat:ocp_tools:4.15::el8	RHSA-2024:8884	2024-11-05T00:00:00Z
Red Hat build of Apache Camel 4.4.2 for Spring Boot
org.springframework/spring-expression	cpe:/a:redhat:apache_camel_spring_boot:4.4.2	RHSA-2024:6508	2024-09-09T00:00:00Z

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2024-38808
https://security.netapp.com/advisory/ntap-20240920-0002/
https://spring.io/security/cve-2024-38808
https://www.cve.org/CVERecord?id=CVE-2024-38808

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240920-0002/

Wed, 06 Nov 2024 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat ocp Tools
CPEs		cpe:/a:redhat:ocp_tools:4.12::el8 cpe:/a:redhat:ocp_tools:4.13::el8 cpe:/a:redhat:ocp_tools:4.14::el8 cpe:/a:redhat:ocp_tools:4.15::el8
Vendors & Products		Redhat ocp Tools

Wed, 30 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-770

Tue, 10 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat apache Camel Spring Boot
CPEs		cpe:/a:redhat:apache_camel_spring_boot:4.4.2
Vendors & Products		Redhat Redhat apache Camel Spring Boot

Tue, 20 Aug 2024 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400
References		https://nvd.nist.gov/vuln/detail/CVE-2024-38808 https://www.cve.org/CVERecord?id=CVE-2024-38808
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 20 Aug 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 20 Aug 2024 07:30:00 +0000

Type	Values Removed	Values Added
Description		In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.
Title		CVE-2024-38808: Spring Expression DoS Vulnerability
References		https://spring.io/security/cve-2024-38808
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-08-20T07:12:44.736Z

Updated: 2024-10-30T18:41:27.943Z

Reserved: 2024-06-19T22:31:57.187Z

Link: CVE-2024-38808

Vulnrichment

Updated: 2024-09-20T16:03:07.732Z

NVD

Status : Awaiting Analysis

Published: 2024-08-20T08:15:05.023

Modified: 2024-11-21T09:26:50.877

Link: CVE-2024-38808

Redhat

Severity : Moderate

Publid Date: 2024-08-20T00:00:00Z

Links: CVE-2024-38808 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38808", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-06-19T22:31:57.187Z", "datePublished": "2024-08-20T07:12:44.736Z", "dateUpdated": "2024-10-30T18:41:27.943Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "packageName": "Spring Framework", "product": "Spring Framework", "vendor": "Spring", "versions": [{"lessThan": "5.3.39, 6.0+", "status": "affected", "version": "5.3.0", "versionType": "5.3.396.0"}]}], "datePublic": "2024-08-14T07:08:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.Specifically, an application is vulnerable when the following is true:<ul><li>The application evaluates user-supplied SpEL expressions.</li></ul> "}], "value": "In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.\n\nSpecifically, an application is vulnerable when the following is true:\n\n * The application evaluates user-supplied SpEL expressions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-08-20T07:12:44.736Z"}, "references": [{"url": "https://spring.io/security/cve-2024-38808"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE-2024-38808: Spring Expression DoS Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-770", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-20T13:48:27.427803Z", "id": "CVE-2024-38808", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T18:41:27.943Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240920-0002/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-20T16:03:07.732Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240920-0002/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-20T16:03:07.732Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38808", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-20T13:48:27.427803Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T13:48:35.991Z"}}], "cna": {"title": "CVE-2024-38808: Spring Expression DoS Vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Spring", "product": "Spring Framework", "versions": [{"status": "affected", "version": "5.3.0", "lessThan": "5.3.39, 6.0+", "versionType": "5.3.396.0"}], "packageName": "Spring Framework", "defaultStatus": "affected"}], "datePublic": "2024-08-14T07:08:00.000Z", "references": [{"url": "https://spring.io/security/cve-2024-38808"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.\n\nSpecifically, an application is vulnerable when the following is true:\n\n * The application evaluates user-supplied SpEL expressions.", "supportingMedia": [{"type": "text/html", "value": "In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.Specifically, an application is vulnerable when the following is true:<ul><li>The application evaluates user-supplied SpEL expressions.</li></ul> ", "base64": false}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-08-20T07:12:44.736Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38808", "state": "PUBLISHED", "dateUpdated": "2024-10-30T18:41:27.943Z", "dateReserved": "2024-06-19T22:31:57.187Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-08-20T07:12:44.736Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.\n\nSpecifically, an application is vulnerable when the following is true:\n\n * The application evaluates user-supplied SpEL expressions."}, {"lang": "es", "value": "En las versiones de Spring Framework 5.3.0 - 5.3.38 y versiones anteriores no compatibles, es posible que un usuario proporcione una expresi\u00f3n Spring Expression Language (SpEL) especialmente manipulada que puede causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Espec\u00edficamente, una aplicaci\u00f3n es vulnerable cuando se cumple lo siguiente: * La aplicaci\u00f3n eval\u00faa expresiones SpEL proporcionadas por el usuario."}], "id": "CVE-2024-38808", "lastModified": "2024-11-21T09:26:50.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-08-20T08:15:05.023", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2024-38808"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240920-0002/"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8886", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-0:2.462.3.1730119132-3.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8886", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-2-plugins-0:4.12.1730119231-1.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8887", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-0:2.462.3.1729839924-3.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8887", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-2-plugins-0:4.13.1729840148-1.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8885", "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8", "package": "jenkins-0:2.462.3.1729839727-3.el8", "product_name": "OCP-Tools-4.14-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8885", "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8", "package": "jenkins-2-plugins-0:4.14.1729839844-1.el8", "product_name": "OCP-Tools-4.14-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8884", "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8", "package": "jenkins-0:2.462.3.1729837947-3.el8", "product_name": "OCP-Tools-4.15-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8884", "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8", "package": "jenkins-2-plugins-0:4.15.1729838165-1.el8", "product_name": "OCP-Tools-4.15-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:6508", "cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.4.2", "package": "org.springframework/spring-expression", "product_name": "Red Hat build of Apache Camel 4.4.2 for Spring Boot", "release_date": "2024-09-09T00:00:00Z"}], "bugzilla": {"description": "spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression", "id": "2305959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305959"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.\nSpecifically, an application is vulnerable when the following is true:\n* The application evaluates user-supplied SpEL expressions.", "A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language (SePL) may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions."], "name": "CVE-2024-38808", "package_state": [{"cpe": "cpe:/a:redhat:amq_clients:2023", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "AMQ Clients"}, {"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:camel_quarkus:3", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat build of Apache Camel 4 for Quarkus 3"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Out of support scope", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:rhboac_hawtio:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Will not fix", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:quarkus:3", "fix_state": "Fix deferred", "impact": "low", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-expression", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-expression", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-expression", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-expression", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-expression", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "jenkins", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Fix deferred", "impact": "low", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "org.springframework/spring-expression", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Under investigation", "package_name": "ovirt-dependencies", "product_name": "Red Hat Virtualization 4"}], "public_date": "2024-08-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38808\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38808\nhttps://spring.io/security/cve-2024-38808"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object