CVE-2024-45387

🗓️ 23 Dec 2024 15:30:13Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 132 Views

SQL injection in Apache Traffic Control allows privileged users to execute arbitrary SQL commands.

Reporter	Title	Published	Views	Family All 38
Circl	CVE-2024-45387	23 Dec 202418:20	–	circl
CNNVD	Apache Traffic Control 安全漏洞	23 Dec 202400:00	–	cnnvd
CNVD	Apache Traffic Control SQL Injection Vulnerability	25 Dec 202400:00	–	cnvd
Cvelist	CVE-2024-45387 Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments	23 Dec 202415:30	–	cvelist
F5 Networks	K000149289: Apache Traffic Control vulnerability CVE-2024-45387	14 Jan 202517:09	–	f5
Github Security Blog	SQL injection in Apache Traffic Control	23 Dec 202418:30	–	github
NVD	CVE-2024-45387	23 Dec 202416:15	–	nvd
OPENSUSE Linux	govulncheck-vulndb-0.0.20250108T191942-1.1 on GA media (moderate)	10 Jan 202500:00	–	opensuse
OpenVAS	openSUSE Security Advisory (SUSE-SU-2025:0060-1)	11 Jan 202500:00	–	openvas
OSV	GHSA-VQ94-9PFV-CCQR SQL injection in Apache Traffic Control	23 Dec 202418:30	–	osv

NVD

Vulners

Node

apache traffic_controlRange8.0.0–8.0.2

[
  {
    "defaultStatus": "unaffected",
    "packageName": "traffic_ops",
    "product": "Apache Traffic Control",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "8.0.1",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "8.0.0",
        "status": "unaffected",
        "version": "7.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr
openwall	www.openwall.com/lists/oss-security/2024/12/23/3

11 Feb 2025 16:07Current

9.8High risk

Vulners AI Score9.8

CVSS 3.18.8 - 9.9

EPSS0.50551

SSVC