In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between May 08-09, 2024.
During this period, The National Vulnerability Database published 106, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 2
High: 20
Medium: 44
Low: 11
Severity Not Assigned: 29
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-1929
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 5.8
Description: Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.
There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.
Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this "config" map, which is untrusted data. It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.
References: https://www.openwall.com/lists/oss-security/2024/03/04/2
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-2746
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Incomplete fix for CVE-2024-1929
The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a
local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started.
The dnf5 library code does not check whether non-root users control the directory in question.
On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file
that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow.
The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics
are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though.
Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specify
a plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker.
References: https://www.openwall.com/lists/oss-security/2024/04/03/5
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-2860
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.
References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24260
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-4393
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
References: https://plugins.trac.wordpress.org/browser/social-connect/tags/1.2/openid/openid.php#L575
https://www.wordfence.com/threat-intel/vulnerabilities/id/2882d9dd-0c73-4c9a-99cb-d10900503103?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-22264
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system.
References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24219
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-4436
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
References: https://access.redhat.com/security/cve/CVE-2024-4436
https://bugzilla.redhat.com/show_bug.cgi?id=2279357
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-4437
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
References: https://access.redhat.com/security/cve/CVE-2024-4437
https://bugzilla.redhat.com/show_bug.cgi?id=2279361
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-4438
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
References: https://access.redhat.com/security/cve/CVE-2024-4438
https://bugzilla.redhat.com/show_bug.cgi?id=2279365
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-3507
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.8
Description: Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-lunar
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-34553
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core allows Reflected XSS.This issue affects Stockholm Core: from n/a through 2.4.1.
References: https://patchstack.com/database/vulnerability/stockholm-core/wordpress-stockholm-core-plugin-2-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-1438
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Missing Authorization vulnerability in PressFore Rolo Slider.This issue affects Rolo Slider: from n/a through 1.0.9.
References: https://patchstack.com/database/vulnerability/rolo-slider/wordpress-rolo-slider-plugin-1-0-9-broken-access-control-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-31270
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.
References: https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-1-broken-access-control-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-21793
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138732
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-25560
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000139037
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-26026
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References: https://my.f5.com/manage/s/article/K000138733
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-28883
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: An origin validation vulnerability exists in
BIG-IP APM browser network access VPN client
for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138744
CWE-ID: CWE-346
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-31156
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description:
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138636
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-32049
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138634
CWE-ID: CWE-300
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-32980
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application's component handling the incoming request is configured with an `allow_outbound_hosts` list containing `"self"`; and 3. In reaction to an incoming request, the component makes an outbound request whose URL doesn't include the hostname/port. Spin 2.4.3 has been released to fix this issue.
References: https://github.com/fermyon/spin/commit/b3db535c9edb72278d4db3a201f0ed214e561354
https://github.com/fermyon/spin/security/advisories/GHSA-f3h7-gpjj-wcvh
CWE-ID: CWE-610
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-33608
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138728
CWE-ID: CWE-824
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-34347
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0.
References: https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-3951
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description:
PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-01
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between May 08-09, 2024.
During this period, The National Vulnerability Database published 106, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 2
High: 20
Medium: 44
Low: 11
Severity Not Assigned: 29
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-1929
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 5.8
Description: Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.
There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.
Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this "config" map, which is untrusted data. It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.
References: https://www.openwall.com/lists/oss-security/2024/03/04/2
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-2746
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Incomplete fix for CVE-2024-1929
The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a
local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started.
The dnf5 library code does not check whether non-root users control the directory in question.
On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file
that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow.
The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics
are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though.
Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specify
a plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker.
References: https://www.openwall.com/lists/oss-security/2024/04/03/5
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-2860
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.
References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24260
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-4393
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
References: https://plugins.trac.wordpress.org/browser/social-connect/tags/1.2/openid/openid.php#L575
https://www.wordfence.com/threat-intel/vulnerabilities/id/2882d9dd-0c73-4c9a-99cb-d10900503103?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-22264
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system.
References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24219
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-4436
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
References: https://access.redhat.com/security/cve/CVE-2024-4436
https://bugzilla.redhat.com/show_bug.cgi?id=2279357
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-4437
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
References: https://access.redhat.com/security/cve/CVE-2024-4437
https://bugzilla.redhat.com/show_bug.cgi?id=2279361
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-4438
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
References: https://access.redhat.com/security/cve/CVE-2024-4438
https://bugzilla.redhat.com/show_bug.cgi?id=2279365
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-3507
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.8
Description: Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-lunar
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-34553
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core allows Reflected XSS.This issue affects Stockholm Core: from n/a through 2.4.1.
References: https://patchstack.com/database/vulnerability/stockholm-core/wordpress-stockholm-core-plugin-2-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-1438
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Missing Authorization vulnerability in PressFore Rolo Slider.This issue affects Rolo Slider: from n/a through 1.0.9.
References: https://patchstack.com/database/vulnerability/rolo-slider/wordpress-rolo-slider-plugin-1-0-9-broken-access-control-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-31270
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.
References: https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-1-broken-access-control-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-21793
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138732
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-25560
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000139037
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-26026
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References: https://my.f5.com/manage/s/article/K000138733
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-28883
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: An origin validation vulnerability exists in
BIG-IP APM browser network access VPN client
for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138744
CWE-ID: CWE-346
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-31156
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description:
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138636
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-32049
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138634
CWE-ID: CWE-300
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-32980
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application's component handling the incoming request is configured with an `allow_outbound_hosts` list containing `"self"`; and 3. In reaction to an incoming request, the component makes an outbound request whose URL doesn't include the hostname/port. Spin 2.4.3 has been released to fix this issue.
References: https://github.com/fermyon/spin/commit/b3db535c9edb72278d4db3a201f0ed214e561354
https://github.com/fermyon/spin/security/advisories/GHSA-f3h7-gpjj-wcvh
CWE-ID: CWE-610
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-33608
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138728
CWE-ID: CWE-824
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-34347
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0.
References: https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-3951
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description:
PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-01
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found