Redhat.comRH:CVE-2024-21484CVE-2024-21484
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
35.4%
A flaw was found in jsrsasign, which is vulnerable to an observable discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. This flaw allows an attacker to decrypt ciphertexts. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.
References
bugzilla.redhat.com/show_bug.cgi?id=2259531
github.com/kjur/jsrsasign/issues/598
github.com/kjur/jsrsasign/releases/tag/11.0.0
nvd.nist.gov/vuln/detail/CVE-2024-21484
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
www.cve.org/CVERecord?id=CVE-2024-21484
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
35.4%