CVE-2023-49619 Vulnerability Details

  /     /     /  

CVE-2023-49619 Metadata Quick Info

CVE Published: 10/01/2024 | CVE Updated: 03/09/2024 | CVE Year: 2023
Source: apache | Vendor: Apache Software Foundation | Product: Apache Answer
Status : PUBLISHED

---

CVE-2023-49619 Description

Concurrent Execution using Shared Resource with Improper Synchronization (\'Race Condition\') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times. Users are recommended to upgrade to version [1.2.1], which fixes the issue.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-362
CWE Name: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ( Race Condition )
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).