CVE-2024-10234

Published Oct 22, 2024

Last updated 4 months ago

CVSS high 7.3

Overview

Description: A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.3
Impact score: 5.2
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Severity: HIGH

Weaknesses

secalert@redhat.com: CWE-79

Hype score: Not currently trending

CVE-2024-9537 is getting exploited #inthewild. Find out more at https://t.co/YxvFKMWntZ CVE-2024-38094 is getting exploited #inthewild. Find out more at https://t.co/V1ffPVq2Tc CVE-2024-10234 is getting exploited #inthewild. Find out more at https://t.co/EVZrv1vtKQ
@inthewildio
23 Oct 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "824BB506-D01A-4C88-AD4A-3C94A2409CD2"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01FBC63E-BB92-49FF-AA00-BF0FCC17732A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References