CVE-2024-45719

LOW

Apache Answer < 1.4.1 - Weak Encryption

Title source: rule

Description

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

References (2)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491

[Mailing List] http://www.openwall.com/lists/oss-security/2024/11/22/1

Scores

CVSS v3 2.6

EPSS 0.0007

EPSS Percentile 20.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N

Classification

CWE

CWE-326

Status published

Affected Products (2)

apache/answer < 1.4.1

apache/incubator-answer < 1.4.1Go

Timeline

Published Nov 22, 2024

Tracked Since Feb 18, 2026