{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Apache Software Foundation heeft kwetsbaarheden verholpen in de Apache HTTP-Server.", "title": "Feiten" }, { "category": "description", "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, middels een Server-Side-Request-Forgery (SSRF) verkeer te manipuleren, of om code uit te voeren binnen de webserver, waarvoor de kwaadwillende aanvankelijk niet is geautoriseerd.", "title": "Interpretaties" }, { "category": "description", "text": "Apache Software Foundation heeft updates uitgebracht om de kwetsbaarheden te verhelpen in Apache HTTP-Server 2.4.60. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Encoding or Escaping of Output", "title": "CWE-116" }, { "category": "general", "text": "Encoding Error", "title": "CWE-172" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "Improper Resource Shutdown or Release", "title": "CWE-404" }, { "category": "general", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "general", "text": "Inclusion of Functionality from Untrusted Control Sphere", "title": "CWE-829" }, { "category": "general", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference - cveprojectv5; ibm; nvd; redhat", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "title": "Kwetsbaarheden verholpen in Apache HHTP-server", "tracking": { "current_release_date": "2024-07-02T11:44:22.653047Z", "id": "NCSC-2024-0275", "initial_release_date": "2024-07-02T11:44:22.653047Z", "revision_history": [ { "date": "2024-07-02T11:44:22.653047Z", "number": "0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "apache_http_server", "product": { "name": "apache_http_server", "product_id": "CSAFPID-1465466", "product_identification_helper": { "cpe": "cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "apache_http_server", "product": { "name": "apache_http_server", "product_id": "CSAFPID-1491761", "product_identification_helper": { "cpe": "cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.55:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "apache_http_server", "product": { "name": "apache_http_server", "product_id": "CSAFPID-1491762", "product_identification_helper": { "cpe": "cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.59:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "apache_software_foundation" }, { "branches": [ { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76769", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76761", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76766", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139639", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.11:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76770", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76772", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.13:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139611", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139603", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.15:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139596", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139667", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139663", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139697", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76762", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139591", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139684", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139652", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-96956", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139580", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139628", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139643", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139651", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139623", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139593", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76764", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139704", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139647", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.31:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139728", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.32:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139724", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139584", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139696", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139685", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.36:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139677", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139585", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139577", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.39:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76767", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139664", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.40:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139675", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.41:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139602", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.42:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139569", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.43:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139689", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.44:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139655", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.45:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139716", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.46:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139737", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139568", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.48:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139711", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139589", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139662", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139619", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.51:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139563", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.52:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-139637", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.53:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-140516", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.54:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-142004", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.55:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-1473391", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.56:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-1473393", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.57:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-1473392", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.58:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-1491521", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.59:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76765", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76763", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76771", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "http_server", "product": { "name": "http_server", "product_id": "CSAFPID-76773", "product_identification_helper": { "cpe": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "apache" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-36387", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" } ], "product_status": { "known_affected": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1491761", "CSAFPID-1491762" ] }, "references": [ { "category": "self", "summary": "CVE-2024-36387", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36387.json" } ], "title": "CVE-2024-36387" }, { "cve": "CVE-2024-38472", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "notes": [ { "category": "other", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" } ], "product_status": { "known_affected": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1465466", "CSAFPID-1491762" ] }, "references": [ { "category": "self", "summary": "CVE-2024-38472", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38472.json" } ], "title": "CVE-2024-38472" }, { "cve": "CVE-2024-38473", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "notes": [ { "category": "other", "text": "Encoding Error", "title": "CWE-172" }, { "category": "other", "text": "Improper Encoding or Escaping of Output", "title": "CWE-116" } ], "product_status": { "known_affected": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1465466", "CSAFPID-1491762" ] }, "references": [ { "category": "self", "summary": "CVE-2024-38473", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json" } ], "title": "CVE-2024-38473" }, { "cve": "CVE-2024-38474", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "notes": [ { "category": "other", "text": "Encoding Error", "title": "CWE-172" }, { "category": "other", "text": "Improper Encoding or Escaping of Output", "title": "CWE-116" } ], "product_status": { "known_affected": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1465466", "CSAFPID-1491762" ] }, "references": [ { "category": "self", "summary": "CVE-2024-38474", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38474.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1465466", "CSAFPID-1491762" ] } ], "title": "CVE-2024-38474" }, { "cve": "CVE-2024-38475", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "other", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "other", "text": "Improper Encoding or Escaping of Output", "title": "CWE-116" } ], "product_status": { "known_affected": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1465466", "CSAFPID-1491762" ] }, "references": [ { "category": "self", "summary": "CVE-2024-38475", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1465466", "CSAFPID-1491762" ] } ], "title": "CVE-2024-38475" }, { "cve": "CVE-2024-38476", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "other", "text": "Inclusion of Functionality from Untrusted Control Sphere", "title": "CWE-829" } ], "product_status": { "known_affected": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1465466", "CSAFPID-1491762" ] }, "references": [ { "category": "self", "summary": "CVE-2024-38476", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json" } ], "title": "CVE-2024-38476" }, { "cve": "CVE-2024-38477", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "notes": [ { "category": "other", "text": "Improper Resource Shutdown or Release", "title": "CWE-404" }, { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" } ], "product_status": { "known_affected": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1465466", "CSAFPID-1491762" ] }, "references": [ { "category": "self", "summary": "CVE-2024-38477", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38477.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1465466", "CSAFPID-1491762" ] } ], "title": "CVE-2024-38477" }, { "cve": "CVE-2024-39573", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "notes": [ { "category": "other", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" }, { "category": "other", "text": "Improper Input Validation", "title": "CWE-20" } ], "product_status": { "known_affected": [ "CSAFPID-76769", "CSAFPID-76761", "CSAFPID-76762", "CSAFPID-76764", "CSAFPID-76767", "CSAFPID-76765", "CSAFPID-76763", "CSAFPID-76771", "CSAFPID-76773", "CSAFPID-76766", "CSAFPID-76770", "CSAFPID-139611", "CSAFPID-139596", "CSAFPID-139667", "CSAFPID-139663", "CSAFPID-139697", "CSAFPID-139591", "CSAFPID-139684", "CSAFPID-139652", "CSAFPID-96956", "CSAFPID-139580", "CSAFPID-139628", "CSAFPID-139643", "CSAFPID-139651", "CSAFPID-139623", "CSAFPID-139593", "CSAFPID-139704", "CSAFPID-139724", "CSAFPID-139584", "CSAFPID-139696", "CSAFPID-139677", "CSAFPID-139585", "CSAFPID-139737", "CSAFPID-139711", "CSAFPID-139662", "CSAFPID-139637", "CSAFPID-1465466", "CSAFPID-1491762" ] }, "references": [ { "category": "self", "summary": "CVE-2024-39573", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39573.json" } ], "title": "CVE-2024-39573" } ] }