CVE-2024-45719

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

CVSS v3 2.6 LOW

2.6^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/11/22/1	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*

History

01 Jul 2025, 20:29

Type	Values Removed	Values Added
First Time		Apache answer Apache
References	~~() https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491 -~~	() https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491 - Mailing List, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2024/11/22/1 -~~	() http://www.openwall.com/lists/oss-security/2024/11/22/1 - Mailing List
CPE		cpe:2.3:a:apache:answer::::::::

Information

Published : 2024-11-22 15:15

Updated : 2025-07-01 20:29

NVD link : CVE-2024-45719

Mitre link : CVE-2024-45719

CVE.ORG link : CVE-2024-45719

JSON object : View

Products Affected

apache

answer

CWE

CWE-326

Inadequate Encryption Strength

2.6 /10