CVE-2024-45719

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45719
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

2.6 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491 Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/11/22/1 Mailing List
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*
History

01 Jul 2025, 20:29

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de fuerza de cifrado inadecuada en Apache Answer. Este problema afecta a Apache Answer: hasta la versión 1.4.0. Los identificadores generados con la versión UUID v1 no son lo suficientemente seguros hasta cierto punto. Esto puede provocar que el token generado sea predecible. Se recomienda a los usuarios que actualicen a la versión 1.4.1, que soluciona el problema.
CPE cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*
First Time Apache answer
Apache
References () https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491 - () https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491 - Mailing List, Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2024/11/22/1 - () http://www.openwall.com/lists/oss-security/2024/11/22/1 - Mailing List

22 Nov 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-22 15:15

Updated : 2025-07-01 20:29

NVD link : CVE-2024-45719

Mitre link : CVE-2024-45719

CVE.ORG link : CVE-2024-45719

JSON object : View

Products Affected

apache

  • answer
CWE
CWE-326

Inadequate Encryption Strength