Vulnerability-Lookup

CVE-2024-34351 (GCVE-0-2024-34351)

Vulnerability from cvelistv5 – Published: 2024-05-09 16:14 – Updated: 2024-08-02 02:51

Title

Next.js Server-Side Request Forgery in Server Actions

Summary

Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/vercel/next.js/security/adviso…	x_refsource_CONFIRM
	https://github.com/vercel/next.js/pull/62561	x_refsource_MISC
	https://github.com/vercel/next.js/commit/8f7a6ca7…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vercel	next.js	Affected: >= 13.4.0, < 14.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:vercel:next.js:13.4.0:*:*:*:*:node.js:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "next.js",
            "vendor": "vercel",
            "versions": [
              {
                "lessThan": "14.1.1",
                "status": "affected",
                "version": "13.4.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T18:01:14.735549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:41:46.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:51:09.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"
          },
          {
            "name": "https://github.com/vercel/next.js/pull/62561",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vercel/next.js/pull/62561"
          },
          {
            "name": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "next.js",
          "vendor": "vercel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 13.4.0, \u003c 14.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-09T16:14:16.236Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"
        },
        {
          "name": "https://github.com/vercel/next.js/pull/62561",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vercel/next.js/pull/62561"
        },
        {
          "name": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"
        }
      ],
      "source": {
        "advisory": "GHSA-fr5h-rqp8-mj6g",
        "discovery": "UNKNOWN"
      },
      "title": "Next.js Server-Side Request Forgery in Server Actions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34351",
    "datePublished": "2024-05-09T16:14:16.236Z",
    "dateReserved": "2024-05-02T06:36:32.438Z",
    "dateUpdated": "2024-08-02T02:51:09.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\", \"name\": \"https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/vercel/next.js/pull/62561\", \"name\": \"https://github.com/vercel/next.js/pull/62561\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085\", \"name\": \"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:51:09.867Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-34351\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-10T18:01:14.735549Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:vercel:next.js:13.4.0:*:*:*:*:node.js:*:*\"], \"vendor\": \"vercel\", \"product\": \"next.js\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.4.0\", \"lessThan\": \"14.1.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-10T18:02:33.408Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Next.js Server-Side Request Forgery in Server Actions\", \"source\": {\"advisory\": \"GHSA-fr5h-rqp8-mj6g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"vercel\", \"product\": \"next.js\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 13.4.0, \u003c 14.1.1\"}]}], \"references\": [{\"url\": \"https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\", \"name\": \"https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/vercel/next.js/pull/62561\", \"name\": \"https://github.com/vercel/next.js/pull/62561\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085\", \"name\": \"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-09T16:14:16.236Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-34351\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T02:51:09.867Z\", \"dateReserved\": \"2024-05-02T06:36:32.438Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-05-09T16:14:16.236Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0514

Vulnerability from certfr_avis - Published: 2024-06-21 - Updated: 2024-06-21

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Watson Explorer	Watson Explorer DAE Foundational Components versions 11.0.x antérieures à 11.0.2 Fix Pack 19
IBM	Db2	Db2 on Cloud Pak for Data versions antérieures à v5.0
IBM	Storage Protect	Storage Protect for Virtual Environments: Data Protection pour Hyper-V et VMware versions 8.1.x antérieures à 8.1.23.0
IBM	Sterling Connect:Direct	Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.3_iFix004
IBM	Watson Explorer	Watson Explorer DAE Analytical Components versions 11.0.x antérieures à 11.0.2 Fix Pack 19
IBM	Watson Explorer	Watson Explorer DAE Foundational Components versions 12.0.x antérieures à 12.0.3.15
IBM	Sterling Connect:Direct	Sterling Connect:Direct pour Microsoft Windows versions 6.1.x antérieures à 6.1.0.2_iFix087
IBM	Sterling Connect:Direct	Sterling Connect:Direct pour Microsoft Windows versions 6.0.x antérieures à 6.0.0.4_iFix088
IBM	Watson Explorer	Watson Explorer DAE Analytical Components versions 12.0.x antérieures à 12.0.3.15
IBM	Db2	Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.0
IBM	QRadar	QRadar Suite Software versions 1.10.x antérieures à 1.10.22.0
IBM	Sterling Connect:Direct	Sterling Connect:Direct pour Microsoft Windows versions 6.2.x antérieures à 6.2.0.6_iFix020
IBM	Cloud Pak	Cloud Pak for Security versions 1.10.x antérieures à 1.10.22.0
IBM	Storage Protect	Storage Protect Backup-Archive Client versions 8.1.x antérieures à 8.1.23.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7158042	2024-06-19	vendor-advisory
Bulletin de sécurité IBM 7157662	2024-06-17	vendor-advisory
Bulletin de sécurité IBM 7157750	2024-06-17	vendor-advisory
Bulletin de sécurité IBM 7157924	2024-06-18	vendor-advisory
Bulletin de sécurité IBM 7157753	2024-06-17	vendor-advisory
Bulletin de sécurité IBM 7157847	2024-06-20	vendor-advisory
Bulletin de sécurité IBM 7157927	2024-06-18	vendor-advisory
Bulletin de sécurité IBM 7157929	2024-06-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Watson Explorer DAE Foundational Components versions 11.0.x ant\u00e9rieures \u00e0 11.0.2 Fix Pack 19",
      "product": {
        "name": "Watson Explorer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.0",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Storage Protect for Virtual Environments: Data Protection pour Hyper-V et VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.23.0",
      "product": {
        "name": "Storage Protect",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.3_iFix004",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Watson Explorer DAE Analytical Components versions 11.0.x ant\u00e9rieures \u00e0 11.0.2 Fix Pack 19",
      "product": {
        "name": "Watson Explorer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Watson Explorer DAE Foundational Components versions 12.0.x ant\u00e9rieures \u00e0 12.0.3.15",
      "product": {
        "name": "Watson Explorer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct pour Microsoft Windows versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2_iFix087",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct pour Microsoft Windows versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.4_iFix088",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Watson Explorer DAE Analytical Components versions 12.0.x ant\u00e9rieures \u00e0 12.0.3.15",
      "product": {
        "name": "Watson Explorer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.0",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Suite Software versions 1.10.x ant\u00e9rieures \u00e0 1.10.22.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct pour Microsoft Windows versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.6_iFix020",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.10.22.0",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Storage Protect Backup-Archive Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.23.0",
      "product": {
        "name": "Storage Protect",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2020-2803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
    },
    {
      "name": "CVE-2024-29041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2021-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2024-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3772"
    },
    {
      "name": "CVE-2021-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2024-34351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34351"
    },
    {
      "name": "CVE-2022-21299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
    },
    {
      "name": "CVE-2020-2773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
    },
    {
      "name": "CVE-2020-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
    },
    {
      "name": "CVE-2020-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
    },
    {
      "name": "CVE-2020-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2022-21305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
    },
    {
      "name": "CVE-2024-22243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2023-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
    },
    {
      "name": "CVE-2024-24557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
    },
    {
      "name": "CVE-2023-22795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22795"
    },
    {
      "name": "CVE-2024-23082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23082"
    },
    {
      "name": "CVE-2024-25026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
    },
    {
      "name": "CVE-2020-8565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
    },
    {
      "name": "CVE-2024-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
    },
    {
      "name": "CVE-2024-22262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
    },
    {
      "name": "CVE-2021-32052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32052"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2023-35116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
    },
    {
      "name": "CVE-2024-23672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2024-22329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
    },
    {
      "name": "CVE-2020-2659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2659"
    },
    {
      "name": "CVE-2024-30251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
    },
    {
      "name": "CVE-2024-27306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
    },
    {
      "name": "CVE-2024-23807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
    },
    {
      "name": "CVE-2023-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
    },
    {
      "name": "CVE-2019-11250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11250"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2022-21365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
    },
    {
      "name": "CVE-2022-21294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
    },
    {
      "name": "CVE-2024-27289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27289"
    },
    {
      "name": "CVE-2024-38329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38329"
    },
    {
      "name": "CVE-2022-34169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
    },
    {
      "name": "CVE-2022-21341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
    },
    {
      "name": "CVE-2024-24549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
    },
    {
      "name": "CVE-2020-2604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2604"
    },
    {
      "name": "CVE-2022-21340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
    },
    {
      "name": "CVE-2024-23081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23081"
    },
    {
      "name": "CVE-2022-21293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
    },
    {
      "name": "CVE-2020-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
    },
    {
      "name": "CVE-2022-21282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
    },
    {
      "name": "CVE-2022-21349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2021-20264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20264"
    },
    {
      "name": "CVE-2022-21248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
    },
    {
      "name": "CVE-2024-29180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
    },
    {
      "name": "CVE-2024-22259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
    },
    {
      "name": "CVE-2024-22257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
    },
    {
      "name": "CVE-2023-47726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47726"
    },
    {
      "name": "CVE-2020-2757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
    },
    {
      "name": "CVE-2023-42282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
    },
    {
      "name": "CVE-2023-39325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
    },
    {
      "name": "CVE-2024-1681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1681"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2024-24786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
    },
    {
      "name": "CVE-2024-22354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
    },
    {
      "name": "CVE-2020-2756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
    },
    {
      "name": "CVE-2022-21476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
    },
    {
      "name": "CVE-2022-21541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
    },
    {
      "name": "CVE-2022-21360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
    },
    {
      "name": "CVE-2022-21296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
    },
    {
      "name": "CVE-2022-21540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    }
  ],
  "initial_release_date": "2024-06-21T00:00:00",
  "last_revision_date": "2024-06-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0514",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-06-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-06-19",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7158042",
      "url": "https://www.ibm.com/support/pages/node/7158042"
    },
    {
      "published_at": "2024-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7157662",
      "url": "https://www.ibm.com/support/pages/node/7157662"
    },
    {
      "published_at": "2024-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7157750",
      "url": "https://www.ibm.com/support/pages/node/7157750"
    },
    {
      "published_at": "2024-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7157924",
      "url": "https://www.ibm.com/support/pages/node/7157924"
    },
    {
      "published_at": "2024-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7157753",
      "url": "https://www.ibm.com/support/pages/node/7157753"
    },
    {
      "published_at": "2024-06-20",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7157847",
      "url": "https://www.ibm.com/support/pages/node/7157847"
    },
    {
      "published_at": "2024-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7157927",
      "url": "https://www.ibm.com/support/pages/node/7157927"
    },
    {
      "published_at": "2024-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7157929",
      "url": "https://www.ibm.com/support/pages/node/7157929"
    }
  ]
}

CERTFR-2024-AVI-1015

Vulnerability from certfr_avis - Published: 2024-11-22 - Updated: 2024-11-22

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les vulnérabilités CVE-2024-47875 et CVE-2024-45801 n'ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x

Impacted products

Vendor	Product	Description
IBM	QRadar	QRadar Pre-Validation App versions antérieures à 2.0.1
IBM	QRadar	QRadar Pulse App versions antérieures à 2.2.15
IBM	WebSphere	WebSphere Hybrid Edition sans le correctif APAR PH63533
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.25
IBM	AIX	AIX version 7.3 sans le correctif bind_fix27/73bind918.tar
IBM	VIOS	VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar
IBM	WebSphere	WebSphere Application Server Liberty sans le correctif APAR PH63533
IBM	Cloud Pak System	Cloud Pak System versions antérieures à 2.3.5.0 pour Power avec le correctif PH60195/PH61002
IBM	AIX	AIX version 7.2 sans le correctif bind_fix27/72bind918.tar
IBM	VIOS	VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.26
IBM	Cloud Pak System	Cloud Pak System versions antérieures à 2.3.4.1 pour Intel avec le correctif PH60195/PH61002
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11
IBM	QRadar	QRadar User Behavior Analytics versions antérieures à 4.1.17

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7176657	2024-11-20	vendor-advisory
Bulletin de sécurité IBM 7176642	2024-11-20	vendor-advisory
Bulletin de sécurité IBM 7176660	2024-11-20	vendor-advisory
Bulletin de sécurité IBM 7176201	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176391	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176392	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176386	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176389	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176451	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176388	2024-11-18	vendor-advisory
Bulletin de sécurité IBM 7176205	2024-11-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.15",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Hybrid Edition sans le correctif APAR PH63533",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.25",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX version 7.3 sans le correctif bind_fix27/73bind918.tar",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty sans le correctif APAR PH63533",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.5.0 pour Power avec le correctif PH60195/PH61002",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX version 7.2 sans le correctif bind_fix27/72bind918.tar",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.26",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.4.1 pour Intel avec le correctif PH60195/PH61002",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.17",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Les vuln\u00e9rabilit\u00e9s CVE-2024-47875 et CVE-2024-45801 n\u0027ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2024-43788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
    },
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2024-47831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
    },
    {
      "name": "CVE-2024-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-34351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34351"
    },
    {
      "name": "CVE-2024-34069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2024-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2024-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
    },
    {
      "name": "CVE-2024-46982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46982"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2024-45801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2023-51775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
    },
    {
      "name": "CVE-2024-5569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
    },
    {
      "name": "CVE-2024-47875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
    },
    {
      "name": "CVE-2018-14041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2024-22354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
    },
    {
      "name": "CVE-2024-39689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
    },
    {
      "name": "CVE-2023-26159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    }
  ],
  "initial_release_date": "2024-11-22T00:00:00",
  "last_revision_date": "2024-11-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-11-20",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176657",
      "url": "https://www.ibm.com/support/pages/node/7176657"
    },
    {
      "published_at": "2024-11-20",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176642",
      "url": "https://www.ibm.com/support/pages/node/7176642"
    },
    {
      "published_at": "2024-11-20",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176660",
      "url": "https://www.ibm.com/support/pages/node/7176660"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176201",
      "url": "https://www.ibm.com/support/pages/node/7176201"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176391",
      "url": "https://www.ibm.com/support/pages/node/7176391"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176392",
      "url": "https://www.ibm.com/support/pages/node/7176392"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176386",
      "url": "https://www.ibm.com/support/pages/node/7176386"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176389",
      "url": "https://www.ibm.com/support/pages/node/7176389"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176451",
      "url": "https://www.ibm.com/support/pages/node/7176451"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176388",
      "url": "https://www.ibm.com/support/pages/node/7176388"
    },
    {
      "published_at": "2024-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176205",
      "url": "https://www.ibm.com/support/pages/node/7176205"
    }
  ]
}

GHSA-FR5H-RQP8-MJ6G

Vulnerability from github – Published: 2024-05-09 21:18 – Updated: 2025-09-10 21:12

Summary

Next.js Server-Side Request Forgery in Server Actions

Details

Impact

A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.

Prerequisites

Next.js (<14.1.1) is running in a self-hosted* manner.
The Next.js application makes use of Server Actions.
The Server Action performs a redirect to a relative path which starts with a /.

* Many hosting providers (including Vercel) route requests based on the Host header, so we do not believe that this vulnerability affects any Next.js applications where routing is done in this manner.

Patches

This vulnerability was patched in #62561 and fixed in Next.js 14.1.1.

Workarounds

There are no official workarounds for this vulnerability. We recommend upgrading to Next.js 14.1.1.

Credit

Vercel and the Next.js team thank Assetnote for responsibly disclosing this issue to us, and for working with us to verify the fix. Thanks to:

Adam Kues - Assetnote Shubham Shah - Assetnote

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "next"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "13.4.0"
            },
            {
              "fixed": "14.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-34351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-09T21:18:57Z",
    "nvd_published_at": "2024-05-14T15:38:42Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nA Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.\n\n#### Prerequisites\n* Next.js (`\u003c14.1.1`) is running in a self-hosted* manner.\n* The Next.js application makes use of Server Actions.\n* The Server Action performs a redirect to a relative path which starts with a `/`.\n\n\\* Many hosting providers (including Vercel) route requests based on the Host header, so we do not believe that this vulnerability affects any Next.js applications where routing is done in this manner.\n\n### Patches\nThis vulnerability was patched in [#62561](https://github.com/vercel/next.js/pull/62561) and fixed in Next.js `14.1.1`.\n \n### Workarounds\nThere are no official workarounds for this vulnerability. We recommend upgrading to Next.js `14.1.1`.\n\n### Credit\nVercel and the Next.js team thank Assetnote for responsibly disclosing this issue to us, and for working with us to verify the fix. Thanks to:\n\nAdam Kues - Assetnote\nShubham Shah - Assetnote",
  "id": "GHSA-fr5h-rqp8-mj6g",
  "modified": "2025-09-10T21:12:31Z",
  "published": "2024-05-09T21:18:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34351"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vercel/next.js/pull/62561"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vercel/next.js"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Next.js Server-Side Request Forgery in Server Actions"
}

FKIE_CVE-2024-34351

Vulnerability from fkie_nvd - Published: 2024-05-14 15:38 - Updated: 2025-09-10 15:43

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085	Patch
security-advisories@github.com	https://github.com/vercel/next.js/pull/62561	Issue Tracking, Patch
security-advisories@github.com	https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vercel/next.js/pull/62561	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g	Vendor Advisory

Impacted products

	Vendor	Product	Version
	vercel	next.js	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "5B519CAE-0AD2-41EA-8483-4930A8558C4D",
              "versionEndExcluding": "14.1.1",
              "versionStartIncluding": "13.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`."
    },
    {
      "lang": "es",
      "value": "Next.js es un framework React que puede proporcionar componentes b\u00e1sicos para crear aplicaciones web. Se identific\u00f3 una vulnerabilidad de Server Side Request Forgery (SSRF) en las acciones del servidor Next.js. Si se modifica el encabezado \"Host\" y tambi\u00e9n se cumplen las condiciones siguientes, un atacante puede realizar solicitudes que parecen originarse en el propio servidor de aplicaciones Next.js. Las condiciones requeridas son 1) Next.js se ejecuta de forma autohospedada; 2) la aplicaci\u00f3n Next.js utiliza acciones del servidor; y 3) la Acci\u00f3n del Servidor realiza una redirecci\u00f3n a una ruta relativa que comienza con `/`. Esta vulnerabilidad se solucion\u00f3 en Next.js `14.1.1`."
    }
  ],
  "id": "CVE-2024-34351",
  "lastModified": "2025-09-10T15:43:33.553",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-14T15:38:42.563",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/vercel/next.js/pull/62561"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/vercel/next.js/pull/62561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-34351 (GCVE-0-2024-34351)

CERTFR-2024-AVI-0514

Solutions

CERTFR-2024-AVI-1015

Solutions

GHSA-FR5H-RQP8-MJ6G

Impact

Prerequisites

Patches

Workarounds

Credit

FKIE_CVE-2024-34351

Tags

Sightings

Nomenclature