{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45719", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-09-05T08:29:10.968Z", "datePublished": "2024-11-22T14:36:44.588Z", "dateUpdated": "2024-11-22T20:18:15.264Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Answer", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.4.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Chi Tran from Eevee"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Inadequate Encryption Strength vulnerability in Apache Answer.</p><p>This issue affects Apache Answer: through 1.4.0.</p>The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.<br><p>Users are recommended to upgrade to version 1.4.1, which fixes the issue.</p>"}], "value": "Inadequate Encryption Strength vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.4.0.\n\nThe ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.\nUsers are recommended to upgrade to version 1.4.1, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-11-22T14:36:44.588Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache Answer: Predictable Authorization Token Using UUIDv1", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/11/22/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-22T18:03:21.717Z"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-22T20:12:35.531395Z", "id": "CVE-2024-45719", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-22T20:18:15.264Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/11/22/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-22T18:03:21.717Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45719", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-22T20:12:35.531395Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-22T20:17:37.540Z"}}], "cna": {"title": "Apache Answer: Predictable Authorization Token Using UUIDv1", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Chi Tran from Eevee"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "important"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Answer", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.4.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Inadequate Encryption Strength vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.4.0.\n\nThe ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.\nUsers are recommended to upgrade to version 1.4.1, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Inadequate Encryption Strength vulnerability in Apache Answer.</p><p>This issue affects Apache Answer: through 1.4.0.</p>The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.<br><p>Users are recommended to upgrade to version 1.4.1, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-11-22T14:36:44.588Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45719", "state": "PUBLISHED", "dateUpdated": "2024-11-22T20:18:15.264Z", "dateReserved": "2024-09-05T08:29:10.968Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-11-22T14:36:44.588Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Inadequate Encryption Strength vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.4.0.\n\nThe ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.\nUsers are recommended to upgrade to version 1.4.1, which fixes the issue."}], "id": "CVE-2024-45719", "lastModified": "2024-11-22T21:15:18.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-22T15:15:10.473", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/11/22/1"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "security@apache.org", "type": "Secondary"}]}

{}