Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/21 5:44 p.m.13 views

Security Bulletin: Vulnerabilities in Quarkus-HTTP affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Quarkus-HTTP has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-12397 DESCRIPTION: A...

7.4CVSS6.3AI score0.00768EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2024/12/12 9:31 a.m.7 views

at.meks.quarkiverse.axonframework-extension:quarkus-axon-metrics-deployment (>=0.1.0-RC2 <=0.1.0-quarkus-3.15-RC4), br.com.labbs:quarkus-monitor-deployment (>=0.1.5 <=0.3.0) +453 more potentially affected by CVE-2024-12397 via io.quarkus.http:quarkus-http-core (>=3.0.0.Alpha1 <=5.3.3)

io.quarkus.http:quarkus-http-core MAVEN version =3.0.0.Alpha1, =0.1.0-RC2, =0.1.5, =1.0.4, =1.8.0, =1.6.9, =1.5.0, =1.0.0, =1.1.0, =1.1.0, =1.0.0, =0.0.10, =1.0.0, =24.6.0-alpha2 and more Source cves: CVE-2024-12397 Source advisory: OSV:GHSA-CXRX-Q234-M22M...

7.4CVSS6AI score0.00768EPSS
Exploits0
Chainguard
Chainguard
added 2024/12/12 9:15 a.m.15 views

CVE-2024-12397 vulnerabilities

Vulnerabilities for packages: keycloak-fips, keycloak, apicurio-registry...

7.4CVSS6.7AI score0.00768EPSS
Exploits0
Wolfi
Wolfi
added 2024/12/12 9:15 a.m.13 views

CVE-2024-12397 vulnerabilities

Vulnerabilities for packages: apicurio-registry, keycloak...

7.4CVSS6.7AI score0.00768EPSS
Exploits0
Circl
Circl
added 2024/12/12 9:8 a.m.9 views

CVE-2024-12397

creationtimestamp| type| source ---|---|--- 2024-12-12 09:08:18+00:00| seen| https://infosec.exchange/users/cve/statuses/113639063433232775 2024-12-12 11:19:28+00:00| seen| https://t.me/cvedetector/12759 2025-03-19 17:20:59+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8096 2025-05-02...

7.4CVSS5.3AI score0.00768EPSS
Exploits0References4
CVE
CVE
added 2024/12/12 9:5 a.m.401 views

CVE-2024-12397

CVE-2024-12397 describes a flaw in Quarkus-HTTP where cookies with certain value-delimiting characters are parsed incorrectly in incoming requests. This can allow an attacker to craft a cookie value to exfiltrate HttpOnly cookies or spoof additional cookie values, impacting data confidentiality a...

7.4CVSS7.3AI score0.00768EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/12/12 9:5 a.m.15 views

CVE-2024-12397 Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...

7.4CVSS6.8AI score0.00768EPSS
Exploits0References5
Rows per page
Query Builder