QwikSec

Security Database

CVE

CWE

Training

CVE-2024-45719

Published: Nov 22, 2024

Modified: Nov 22, 2024

PUBLISHED

Description

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Answer	affected `0 - <= 1.4.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.