CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
CVE-2024-58045 (GCVE-0-2024-58045)
Vulnerability from cvelistv5 – Published: 2025-03-04 07:15 – Updated: 2025-03-04 14:28
VLAI
Summary
Multi-concurrency vulnerability in the media digital copyright protection module
Impact: Successful exploitation of this vulnerability may affect availability.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T14:27:46.763395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T14:28:35.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-concurrency vulnerability in the media digital copyright protection module\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-concurrency vulnerability in the media digital copyright protection module\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T07:15:38.953Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2024-58045",
"datePublished": "2025-03-04T07:15:38.953Z",
"dateReserved": "2025-02-27T02:29:09.224Z",
"dateUpdated": "2025-03-04T14:28:35.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58048 (GCVE-0-2024-58048)
Vulnerability from cvelistv5 – Published: 2025-03-04 07:19 – Updated: 2025-03-04 14:25
VLAI
Summary
Multi-thread problem vulnerability in the package management module
Impact: Successful exploitation of this vulnerability may affect availability.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T14:25:25.525530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T14:25:57.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread problem vulnerability in the package management module\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread problem vulnerability in the package management module\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T07:19:07.453Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2024-58048",
"datePublished": "2025-03-04T07:19:07.453Z",
"dateReserved": "2025-02-27T02:29:09.225Z",
"dateUpdated": "2025-03-04T14:25:57.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58248 (GCVE-0-2024-58248)
Vulnerability from cvelistv5 – Published: 2025-04-16 00:00 – Updated: 2025-10-29 14:27
VLAI
Summary
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nopCommerce | nopCommerce |
Affected:
0 , < 4.80.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T13:31:07.631778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:27:40.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "nopCommerce",
"vendor": "nopCommerce",
"versions": [
{
"lessThan": "4.80.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nopcommerce:nopcommerce:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.80.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T13:08:40.450Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/nopSolutions/nopCommerce/issues/7325"
},
{
"url": "https://www.nopcommerce.com/en/release-notes"
},
{
"url": "https://github.com/Fabian-For/Vulnerability-Research/blob/main/CVE-2024-58248/README.md"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-58248",
"datePublished": "2025-04-16T00:00:00.000Z",
"dateReserved": "2025-04-16T00:00:00.000Z",
"dateUpdated": "2025-10-29T14:27:40.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7598 (GCVE-0-2024-7598)
Vulnerability from cvelistv5 – Published: 2025-03-20 16:52 – Updated: 2025-03-20 21:02
VLAI
Title
Network restriction bypass via race condition during namespace termination
Summary
A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/kubernetes/kubernetes/issues/126587 | issue-trackingvendor-advisory |
| https://groups.google.com/g/kubernetes-security-a… | mailing-list |
| http://www.openwall.com/lists/oss-security/2025/03/20/2 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kubernetes | kube-apiserver |
Affected:
1.3.0
(semver)
Unaffected: 0 , < 1.3.0 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T18:40:30.346304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:40:36.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-20T21:02:37.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/20/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "kube-apiserver",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"lessThan": "1.3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aaron Coffey"
},
{
"lang": "en",
"type": "finder",
"value": "John McGuinness"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced."
}
],
"value": "A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T16:52:57.929Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking",
"vendor-advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/126587"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Network restriction bypass via race condition during namespace termination",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2024-7598",
"datePublished": "2025-03-20T16:52:57.929Z",
"dateReserved": "2024-08-07T21:16:56.245Z",
"dateUpdated": "2025-03-20T21:02:37.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7885 (GCVE-0-2024-7885)
Vulnerability from cvelistv5 – Published: 2024-08-21 14:13 – Updated: 2026-01-19 03:51
VLAI
Title
Undertow: improper state management in proxy protocol parsing causes information leakage
Summary
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
13 references
Impacted products
43 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 2.2.36.Final
(custom)
Affected: 2.3.0.Alpha1 , < 2.3.17.Final (custom) |
|||
| Red Hat | HawtIO 4.0.0 for Red Hat build of Apache Camel 4 |
cpe:/a:redhat:rhboac_hawtio:4.0.0 |
|
| Red Hat | Red Hat build of Apache Camel 3.20.7 for Spring Boot |
cpe:/a:redhat:apache_camel_spring_boot:3.20.7 |
|
| Red Hat | Red Hat build of Apache Camel 4.4.2 for Spring Boot |
cpe:/a:redhat:apache_camel_spring_boot:4.4.2 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:1.11.0-1.redhat_00001.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:2.4.11-1.Final_redhat_00001.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:1.7.2-19.Final_redhat_00020.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:2.0.41-5.SP6_redhat_00001.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:7.3.15-5.GA_redhat_00003.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:2.10.4-4.redhat_00008.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:2.10.4-6.redhat_00008.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:2.10.4-3.redhat_00008.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:1.7.2-20.Final_redhat_00021.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:4.1.63-6.Final_redhat_00004.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:2.0.41-6.SP7_redhat_00001.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 |
Unaffected:
0:7.3.16-3.GA_redhat_00003.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 |
Unaffected:
0:2.2.33-2.SP2_redhat_00001.1.el8eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 |
Unaffected:
0:7.4.18-1.GA_redhat_00003.1.el8eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 |
Unaffected:
0:2.2.33-2.SP2_redhat_00001.1.el9eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 |
Unaffected:
0:7.4.18-1.GA_redhat_00003.1.el9eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 |
Unaffected:
0:2.2.33-2.SP2_redhat_00001.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 |
Unaffected:
0:7.4.18-1.GA_redhat_00003.1.el7eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8.0 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 |
Unaffected:
0:1.11.9-2.redhat_00001.1.el8eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 |
Unaffected:
0:800.3.1-2.GA_redhat_00002.1.el8eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 |
Unaffected:
0:2.3.14-2.SP2_redhat_00001.1.el8eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 |
Unaffected:
0:8.0.3-13.GA_redhat_00007.1.el8eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 |
Unaffected:
0:1.11.9-2.redhat_00001.1.el9eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 |
Unaffected:
0:800.3.1-2.GA_redhat_00002.1.el9eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 |
Unaffected:
0:2.3.14-2.SP2_redhat_00001.1.el9eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 |
Unaffected:
0:8.0.3-13.GA_redhat_00007.1.el9eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
| Red Hat | Red Hat build of Apache Camel for Spring Boot 3 |
cpe:/a:redhat:camel_spring_boot:3 |
|
| Red Hat | Red Hat build of Apache Camel - HawtIO 4 |
cpe:/a:redhat:apache_camel_hawtio:4 |
|
| Red Hat | Red Hat Build of Keycloak |
cpe:/a:redhat:build_keycloak: |
|
| Red Hat | Red Hat build of Quarkus |
cpe:/a:redhat:quarkus:3 |
|
| Red Hat | Red Hat Data Grid 8 |
cpe:/a:redhat:jboss_data_grid:8 |
|
| Red Hat | Red Hat Fuse 7 |
cpe:/a:redhat:jboss_fuse:7 |
|
| Red Hat | Red Hat Integration Camel K 1 |
cpe:/a:redhat:integration:1 |
|
| Red Hat | Red Hat JBoss Data Grid 7 |
cpe:/a:redhat:jboss_data_grid:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat Process Automation 7 |
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 |
|
| Red Hat | Red Hat Single Sign-On 7 |
cpe:/a:redhat:red_hat_single_sign_on:7 |
Date Public
2024-08-07 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7885",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:21:22.416004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:21:42.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-11T22:03:18.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241011-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/undertow-io/undertow",
"defaultStatus": "unaffected",
"packageName": "undertow",
"versions": [
{
"lessThan": "2.2.36.Final",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.3.17.Final",
"status": "affected",
"version": "2.3.0.Alpha1",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhboac_hawtio:4.0.0"
],
"defaultStatus": "unaffected",
"packageName": "undertow",
"product": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apache_camel_spring_boot:3.20.7"
],
"defaultStatus": "unaffected",
"packageName": "undertow",
"product": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apache_camel_spring_boot:4.4.2"
],
"defaultStatus": "unaffected",
"packageName": "undertow",
"product": "Red Hat build of Apache Camel 4.4.2 for Spring Boot",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-apache-commons-beanutils",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-1.redhat_00001.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-hornetq",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.4.11-1.Final_redhat_00001.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-server-migration",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.7.2-19.Final_redhat_00020.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.0.41-5.SP6_redhat_00001.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.3.15-5.GA_redhat_00003.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-annotations",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-4.redhat_00008.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-core",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-4.redhat_00008.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-databind",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-6.redhat_00008.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-jaxrs-providers",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-4.redhat_00008.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-modules-base",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-6.redhat_00008.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-modules-java8",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-3.redhat_00008.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-server-migration",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.7.2-20.Final_redhat_00021.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-netty",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.1.63-6.Final_redhat_00004.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.0.41-6.SP7_redhat_00001.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.3.16-3.GA_redhat_00003.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.33-2.SP2_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.4.18-1.GA_redhat_00003.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.33-2.SP2_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.4.18-1.GA_redhat_00003.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.33-2.SP2_redhat_00001.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.4.18-1.GA_redhat_00003.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
],
"defaultStatus": "unaffected",
"packageName": "undertow-core",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-amazon-ion-java",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.9-2.redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-eap-product-conf-parent",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:800.3.1-2.GA_redhat_00002.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.3.14-2.SP2_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.0.3-13.GA_redhat_00007.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-amazon-ion-java",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.9-2.redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-eap-product-conf-parent",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:800.3.1-2.GA_redhat_00002.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.3.14-2.SP2_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.0.3-13.GA_redhat_00007.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:camel_spring_boot:3"
],
"defaultStatus": "affected",
"packageName": "undertow",
"product": "Red Hat build of Apache Camel for Spring Boot 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "affected",
"packageName": "undertow",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"packageName": "undertow",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quarkus:3"
],
"defaultStatus": "unaffected",
"packageName": "io.quarkus/quarkus-undertow",
"product": "Red Hat build of Quarkus",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"packageName": "undertow",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"packageName": "undertow",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:integration:1"
],
"defaultStatus": "affected",
"packageName": "undertow",
"product": "Red Hat Integration Camel K 1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:7"
],
"defaultStatus": "unknown",
"packageName": "undertow",
"product": "Red Hat JBoss Data Grid 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "undertow-core",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unknown",
"packageName": "undertow",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"packageName": "undertow",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank BfC for reporting this issue."
}
],
"datePublic": "2024-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-19T03:51:37.166Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:11023",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:11023"
},
{
"name": "RHSA-2024:6508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6508"
},
{
"name": "RHSA-2024:6883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6883"
},
{
"name": "RHSA-2024:7441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:7441"
},
{
"name": "RHSA-2024:7442",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:7442"
},
{
"name": "RHSA-2024:7735",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:7735"
},
{
"name": "RHSA-2024:7736",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:7736"
},
{
"name": "RHSA-2024:8080",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:8080"
},
{
"name": "RHSA-2025:16667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16667"
},
{
"name": "RHSA-2026:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0743"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-7885"
},
{
"name": "RHBZ#2305290",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305290"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-16T09:00:41.686Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-08-07T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Undertow: improper state management in proxy protocol parsing causes information leakage",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-7885",
"datePublished": "2024-08-21T14:13:36.579Z",
"dateReserved": "2024-08-16T15:35:47.357Z",
"dateUpdated": "2026-01-19T03:51:37.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0372 (GCVE-0-2025-0372)
Vulnerability from cvelistv5 – Published: 2025-05-21 17:12 – Updated: 2025-05-21 19:26
VLAI
Summary
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HYPR | Passwordless |
Affected:
0 , < 10.1
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T19:26:09.775891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T19:26:16.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Passwordless",
"vendor": "HYPR",
"versions": [
{
"lessThan": "10.1",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.\u003cp\u003eThis issue affects HYPR Passwordless: before 10.1.\u003c/p\u003e"
}
],
"value": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T17:12:08.134Z",
"orgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512",
"shortName": "HYPR"
},
"references": [
{
"url": "https://www.hypr.com/trust-center/security-advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512",
"assignerShortName": "HYPR",
"cveId": "CVE-2025-0372",
"datePublished": "2025-05-21T17:12:08.134Z",
"dateReserved": "2025-01-10T04:57:52.004Z",
"dateUpdated": "2025-05-21T19:26:16.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10216 (GCVE-0-2025-10216)
Vulnerability from cvelistv5 – Published: 2025-09-10 21:02 – Updated: 2025-09-11 15:33
VLAI
Title
GrandNode Voucher ConfirmOrder race condition
Summary
A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Race Condition
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323485 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323485 | signaturepermissions-required |
| https://vuldb.com/?submit.640784 | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T15:32:12.670857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T15:33:10.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Voucher Handler"
],
"product": "GrandNode",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kkc73 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in GrandNode bis 2.3.0 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /checkout/ConfirmOrder/ der Komponente Voucher Handler. Dank Manipulation des Arguments giftvouchercouponcode mit unbekannten Daten kann eine race condition-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T21:02:05.844Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323485 | GrandNode Voucher ConfirmOrder race condition",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323485"
},
{
"name": "VDB-323485 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323485"
},
{
"name": "Submit #640784 | GrandNode grandnode2 2.3.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.640784"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-10T12:53:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "GrandNode Voucher ConfirmOrder race condition"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10216",
"datePublished": "2025-09-10T21:02:05.844Z",
"dateReserved": "2025-09-10T10:48:01.840Z",
"dateUpdated": "2025-09-11T15:33:10.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10778 (GCVE-0-2025-10778)
Vulnerability from cvelistv5 – Published: 2025-09-22 02:32 – Updated: 2025-09-22 15:55
VLAI
Title
Smartstore Gift Voucher confirm race condition
Summary
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Race Condition
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.325134 | vdb-entry |
| https://vuldb.com/?ctiid.325134 | signaturepermissions-required |
| https://vuldb.com/?submit.640785 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Smartstore |
Affected:
6.0
Affected: 6.1 Affected: 6.2.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T15:55:00.096174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T15:55:06.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Gift Voucher Handler"
],
"product": "Smartstore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kkc73 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Smartstore bis 6.2.0 wurde eine Schwachstelle gefunden. Es betrifft eine unbekannte Funktion der Datei /checkout/confirm/ der Komponente Gift Voucher Handler. Die Ver\u00e4nderung resultiert in race condition. Der Angriff kann remote ausgef\u00fchrt werden. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Das Ausnutzen gilt als schwierig."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N/E:ND/RL:ND/RC:ND",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T02:32:05.702Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325134 | Smartstore Gift Voucher confirm race condition",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.325134"
},
{
"name": "VDB-325134 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325134"
},
{
"name": "Submit #640785 | Smartstore AG Smartstore 6.2.0 Race Condition",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.640785"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-21T10:53:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Smartstore Gift Voucher confirm race condition"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10778",
"datePublished": "2025-09-22T02:32:05.702Z",
"dateReserved": "2025-09-21T08:48:35.573Z",
"dateUpdated": "2025-09-22T15:55:06.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1127 (GCVE-0-2025-1127)
Vulnerability from cvelistv5 – Published: 2025-02-13 18:49 – Updated: 2025-02-13 19:14
VLAI
Title
Combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server
Summary
The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lexmark | CX, XC, CS, MS, MX, XM, et. al. |
Affected:
0 , ≤ CXTLS.240.205
(custom)
Affected: 0 , ≤ MXTLS.240.205 (custom) Affected: 0 , ≤ CSTLS.240.205 (custom) Affected: 0 , ≤ MSNSN.240.205 (custom) Affected: 0 , ≤ MSTSN.240.205 (custom) Affected: 0 , ≤ MXTSN.240.205 (custom) Affected: 0 , ≤ CSNGV.240.205 (custom) Affected: 0 , ≤ CSTGV.240.205 (custom) Affected: 0 , ≤ CXTGV.240.205 (custom) Affected: 0 , ≤ CXTPC.240.205 (custom) Affected: 0 , ≤ CSTPC.240.205 (custom) Affected: 0 , ≤ MXTCT.240.205 (custom) Affected: 0 , ≤ MXTPM.240.205 (custom) Affected: 0 , ≤ CXTMM.240.205 (custom) Affected: 0 , ≤ CSTMM.240.205 (custom) Affected: 0 , ≤ MSNGM.240.205 (custom) Affected: 0 , ≤ MSTGM.240.205 (custom) Affected: 0 , ≤ MXNGM.240.205 (custom) Affected: 0 , ≤ MXTGM.240.205 (custom) Affected: 0 , ≤ MSNGW.240.205 (custom) Affected: 0 , ≤ MSTGW.240.205 (custom) Affected: 0 , ≤ MXTGW.240.205 (custom) Affected: 0 , ≤ CSTZJ.240.205 (custom) Affected: 0 , ≤ CSNZJ.240.205 (custom) Affected: 0 , ≤ CXTZJ.240.205 (custom) Affected: 0 , ≤ CXNZJ.240.205 (custom) Affected: 0 , ≤ MSLSG.240.407 (custom) Affected: 0 , ≤ MXLSG.240.407 (custom) Affected: 0 , ≤ MSLBD.240.407 (custom) Affected: 0 , ≤ MXLBD.240.407 (custom) Affected: 0 , ≤ CSLBN.240.407 (custom) Affected: 0 , ≤ CSLBL.240.407 (custom) Affected: 0 , ≤ CXLBN.240.407 (custom) Affected: 0 , ≤ CXLBL.240.407 (custom) Affected: 0 , ≤ CXTPP.240.407 (custom) Affected: 0 , ≤ CSTPP.240.407 (custom) Affected: 0 , ≤ CSTAT.240.407 (custom) Affected: 0 , ≤ CXTAT.240.407 (custom) Affected: 0 , ≤ CSTMH.240.407 (custom) Affected: 0 , ≤ CXTMH.240.407 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T19:14:28.287539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T19:14:43.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"webserver"
],
"product": "CX, XC, CS, MS, MX, XM, et. al.",
"vendor": "Lexmark",
"versions": [
{
"changes": [
{
"at": "CXTLS.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTLS.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTLS.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTLS.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTLS.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTLS.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNSN.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNSN.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTSN.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSTSN.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTSN.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTSN.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNGV.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSNGV.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTGV.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTGV.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTGV.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTGV.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPC.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTPC.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPC.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTPC.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTCT.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTCT.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTPM.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTPM.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMM.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTMM.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMM.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTMM.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGM.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNGM.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTGM.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSTGM.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXNGM.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXNGM.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTGM.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTGM.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGW.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNGW.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTGW.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSTGW.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTGW.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTGW.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTZJ.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTZJ.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNZJ.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSNZJ.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTZJ.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTZJ.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXNZJ.240.206 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXNZJ.240.205",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSLSG.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSLSG.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXLSG.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXLSG.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSLBD.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSLBD.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXLBD.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXLBD.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSLBN.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSLBN.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSLBL.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSLBL.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXLBN.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXLBN.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXLBL.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXLBL.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPP.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTPP.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPP.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTPP.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTAT.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTAT.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTAT.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTAT.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMH.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTMH.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMH.240.408 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTMH.240.407",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem."
}
],
"impacts": [
{
"capecId": "CAPEC-123",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-123 Buffer Manipulation"
}
]
},
{
"capecId": "CAPEC-124",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-124 Shared Resource Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T18:49:43.500Z",
"orgId": "7bc73191-a2b6-4c63-9918-753964601853",
"shortName": "Lexmark"
},
"references": [
{
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lexmark recommends a firmware update if your device has affected firmware.\n\n\u003cbr\u003e"
}
],
"value": "Lexmark recommends a firmware update if your device has affected firmware."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853",
"assignerShortName": "Lexmark",
"cveId": "CVE-2025-1127",
"datePublished": "2025-02-13T18:49:43.500Z",
"dateReserved": "2025-02-07T21:52:05.399Z",
"dateUpdated": "2025-02-13T19:14:43.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11637 (GCVE-0-2025-11637)
Vulnerability from cvelistv5 – Published: 2025-10-12 16:32 – Updated: 2025-10-16 05:39
VLAI
Title
Tomofun Furbo 360 Audio race condition
Summary
A vulnerability was detected in Tomofun Furbo 360 up to FB0035_FW_036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Race Condition
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.328048 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328048 | signaturepermissions-required |
| https://vuldb.com/?submit.661362 | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T15:06:38.667217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T15:06:45.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Audio Handler"
],
"product": "Furbo 360",
"vendor": "Tomofun",
"versions": [
{
"status": "affected",
"version": "FB0035_FW_036"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calvin Star (Software Secured)"
},
{
"lang": "en",
"type": "finder",
"value": "Julian B (Software Secured)"
},
{
"lang": "en",
"type": "reporter",
"value": "jTag Labs (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "jTag Labs (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Tomofun Furbo 360 up to FB0035_FW_036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tomofun Furbo 360 up to FB0035_FW_036 gefunden. Es ist betroffen eine unbekannte Funktion der Komponente Audio Handler. Dank der Manipulation mit unbekannten Daten kann eine race condition-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:X",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:X",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:ND",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T05:39:49.182Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328048 | Tomofun Furbo 360 Audio race condition",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328048"
},
{
"name": "VDB-328048 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328048"
},
{
"name": "Submit #661362 | Tomofun Furbo 360 \u2264 FB0035_FW_036 Race Condition",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661362"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-15T20:00:00.000Z",
"value": "Vulnerability found"
},
{
"lang": "en",
"time": "2025-06-21T23:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2025-07-03T04:30:00.000Z",
"value": "Vendor acknowledged"
},
{
"lang": "en",
"time": "2025-10-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-16T07:44:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tomofun Furbo 360 Audio race condition"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11637",
"datePublished": "2025-10-12T16:32:06.156Z",
"dateReserved": "2025-10-11T18:32:31.274Z",
"dateUpdated": "2025-10-16T05:39:49.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Phase: Architecture and Design
Description:
- Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
Phase: Architecture and Design
Description:
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
Phase: Implementation
Description:
- When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Phase: Implementation
Description:
- Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Phase: Implementation
Description:
- Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Phase: Implementation
Description:
- Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Phase: Implementation
Description:
- Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Phase: Implementation
Description:
- Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.