CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 35.4%)
RSA PKCS#1.5 or RSAOAEP ciphertexts may be decrypted through this Marvin attack vulnerability.
Update to jsrsasign 11.0.0.
Find RSA and RSAOAEP decryption and replace it with another crypto library.
https://people.redhat.com/~hkario/marvin/
https://github.com/kjur/jsrsasign/issues/598
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
https://vulners.com/cve/CVE-2024-21484
github.com/kjur/jsrsasign
github.com/kjur/jsrsasign/issues/598
github.com/kjur/jsrsasign/releases/tag/11.0.0
github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf
nvd.nist.gov/vuln/detail/CVE-2024-21484
people.redhat.com/~hkario/marvin
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731