CVE-2024-4175 - Vulnerability Details - OpenCVE

Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00308.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hyperion-web-server

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-04-25T11:51:36.458Z

Updated: 2024-08-01T20:33:52.938Z

Reserved: 2024-04-25T08:33:51.577Z

Link: CVE-2024-4175

Vulnrichment

Updated: 2024-08-01T20:33:52.938Z

NVD

Status : Deferred

Published: 2024-04-25T12:15:08.630

Modified: 2026-06-17T08:01:16.497

Link: CVE-2024-4175

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4175", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2024-04-25T08:33:51.577Z", "datePublished": "2024-04-25T11:51:36.458Z", "dateUpdated": "2024-08-01T20:33:52.938Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hyperion Web Server", "vendor": "Hyperion", "versions": [{"status": "affected", "version": "2.0.15"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Ra\u00fal Fuentes Ferrer"}], "datePublic": "2024-04-25T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters. "}], "value": "Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters. "}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-04-25T11:51:36.458Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hyperion-web-server"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vulnerability has been fixed in the latest version."}], "value": "The vulnerability has been fixed in the latest version."}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Input Validation vulnerability in Hyperion Web Server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4175", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T16:20:09.382805Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hyperion:hyperion_web_server:*:*:*:*:*:*:*:*"], "vendor": "hyperion", "product": "hyperion_web_server", "versions": [{"status": "affected", "version": "2.0.15"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:55:02.401Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:52.938Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hyperion-web-server", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hyperion-web-server", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:52.938Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4175", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T16:20:09.382805Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hyperion:hyperion_web_server:*:*:*:*:*:*:*:*"], "vendor": "hyperion", "product": "hyperion_web_server", "versions": [{"status": "affected", "version": "2.0.15"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T16:19:28.563Z"}}], "cna": {"title": "Improper Input Validation vulnerability in Hyperion Web Server", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Ra\u00fal Fuentes Ferrer"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hyperion", "product": "Hyperion Web Server", "versions": [{"status": "affected", "version": "2.0.15"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The vulnerability has been fixed in the latest version.", "supportingMedia": [{"type": "text/html", "value": "The vulnerability has been fixed in the latest version.", "base64": false}]}], "datePublic": "2024-04-25T10:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hyperion-web-server"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters. ", "supportingMedia": [{"type": "text/html", "value": "Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-04-25T11:51:36.458Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4175", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:33:52.938Z", "dateReserved": "2024-04-25T08:33:51.577Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2024-04-25T11:51:36.458Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "Hyperion Web Server", "vendor": "Hyperion", "versions": [{"status": "affected", "version": "2.0.15"}]}], "source": "[email protected]"}, {"affectedData": [{"cpes": ["cpe:2.3:a:hyperion:hyperion_web_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "product": "hyperion_web_server", "vendor": "hyperion", "versions": [{"status": "affected", "version": "2.0.15"}]}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters. "}, {"lang": "es", "value": "Vulnerabilidad de transformaci\u00f3n Unicode en Hyperion que afecta a la versi\u00f3n 2.0.15. Esta vulnerabilidad podr\u00eda permitir a un atacante enviar un payload malicioso con caracteres Unicode que ser\u00e1n reemplazados por caracteres ASCII."}], "id": "CVE-2024-4175", "lastModified": "2026-06-17T08:01:16.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "[email protected]", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-4175", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2024-04-25T16:20:09.382805Z", "version": "2.0.3"}}]}, "published": "2024-04-25T12:15:08.630", "references": [{"source": "[email protected]", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hyperion-web-server"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hyperion-web-server"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "[email protected]", "type": "Secondary"}]}