{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-30171", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-19T17:18:20.969Z", "dateReserved": "2024-03-24T00:00:00", "datePublished": "2024-05-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-14T13:06:05.488818"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.bouncycastle.org/latest_releases.html"}, {"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171"}, {"url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0008/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:25:02.988Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.bouncycastle.org/latest_releases.html", "tags": ["x_transferred"]}, {"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171", "tags": ["x_transferred"]}, {"url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0008/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-203", "lang": "en", "description": "CWE-203 Observable Discrepancy"}]}], "affected": [{"vendor": "bouncycastle", "product": "bouncy_castle_for_java", "cpes": ["cpe:2.3:a:bouncycastle:bouncy_castle_for_java:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.78", "versionType": "custom"}]}, {"vendor": "netapp", "product": "active_iq_unified_manager", "cpes": ["cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "netapp", "product": "bluexp", "cpes": ["cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "netapp", "product": "ontap_tools", "cpes": ["cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9", "status": "affected"}]}, {"vendor": "netapp", "product": "oncommand_workflow_automation", "cpes": ["cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-19T17:18:15.455507Z", "id": "CVE-2024-30171", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T17:18:20.969Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.bouncycastle.org/latest_releases.html", "tags": ["x_transferred"]}, {"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171", "tags": ["x_transferred"]}, {"url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0008/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:25:02.988Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-30171", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-19T17:18:15.455507Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:bouncycastle:bouncy_castle_for_java:*:*:*:*:*:*:*:*"], "vendor": "bouncycastle", "product": "bouncy_castle_for_java", "versions": [{"status": "affected", "version": "0", "lessThan": "1.78", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*"], "vendor": "netapp", "product": "active_iq_unified_manager", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "bluexp", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*"], "vendor": "netapp", "product": "ontap_tools", "versions": [{"status": "affected", "version": "9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "oncommand_workflow_automation", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T17:14:41.308Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.bouncycastle.org/latest_releases.html"}, {"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171"}, {"url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0008/"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-14T13:06:05.488818"}}}, "cveMetadata": {"cveId": "CVE-2024-30171", "state": "PUBLISHED", "dateUpdated": "2024-08-19T17:18:20.969Z", "dateReserved": "2024-03-24T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-09T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en la API TLS Java de Bouncy Castle y en el proveedor JSSE anterior a la versi\u00f3n 1.78. Es posible que se produzcan fugas basadas en el tiempo en los protocolos de enlace basados en RSA debido al procesamiento de excepciones."}], "id": "CVE-2024-30171", "lastModified": "2024-11-21T09:11:21.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-14T15:21:52.690", "references": [{"source": "cve@mitre.org", "url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171"}, {"source": "cve@mitre.org", "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20240614-0008/"}, {"source": "cve@mitre.org", "url": "https://www.bouncycastle.org/latest_releases.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240614-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.bouncycastle.org/latest_releases.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Hubert Kario (Red Hat).", "affected_release": [{"advisory": "RHSA-2024:4173", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-db-rhel8:3.0.0-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4173", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:3.0.0-2", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4173", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-operator-bundle:3.0.0-2", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4173", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8:3.0.0-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4173", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-reports-rhel8:3.0.0-2", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4173", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-rhel8:3.0.0-2", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4173", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-rhel8-operator:3.0.0-2", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4173", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-storage-rhel8:3.0.0-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4173", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/jfr-datasource-rhel8:3.0.0-2", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4271", "cpe": "cpe:/a:redhat:amq_broker:7.12", "package": "org.bouncycastle-bcprov-jdk18on", "product_name": "Red Hat AMQ Broker 7", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:4884", "cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.4.1", "package": "org.bouncycastle-bcprov-jdk18on", "product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4505", "cpe": "cpe:/a:redhat:camel_quarkus:3", "package": "org.bouncycastle-bcprov-jdk18on", "product_name": "Red Hat Build of Apache Camel 4.4 for Quarkus 3.8", "release_date": "2024-07-11T00:00:00Z"}, {"advisory": "RHSA-2024:4326", "cpe": "cpe:/a:redhat:quarkus:3.8::el8", "package": "org.bouncycastle/bcprov-jdk18on:1.78.1.redhat-00002", "product_name": "Red Hat build of Quarkus 3.8.5.redhat", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:5147", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package": "org.bouncycastle-bcprov-jdk18on", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-bouncycastle-0:1.78.1-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-bouncycastle-0:1.78.1-1.redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-bouncycastle-0:1.78.1-1.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5482", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "package": "org.bouncycastle-bcprov-jdk18on", "product_name": "Red Hat JBoss Enterprise Application Platform 8", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-bouncycastle-0:1.78.1-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-activemq-artemis-0:2.21.0-5.redhat_00052.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-angus-0:2.0.3-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-angus-activation-0:2.0.1-3.redhat_00006.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-apache-commons-beanutils-0:1.9.4-13.redhat_00004.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-apache-commons-cli-0:1.4.0-2.redhat_00003.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-apache-commons-codec-0:1.15.0-6.redhat_00016.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-apache-cxf-0:4.0.4-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-apache-cxf-xjc-utils-0:4.0.0-5.redhat_00003.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-apache-mime4j-0:0.8.11-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-apache-sshd-0:2.12.1-2.redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-bouncycastle-0:1.78.1-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-byte-buddy-0:1.14.18-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-caffeine-0:3.1.8-2.redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-eap-product-conf-parent-0:800.3.0-2.GA_redhat_00004.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-guava-failureaccess-0:1.0.2-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-guava-libraries-0:33.0.0-1.jre_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-hal-console-0:3.6.19-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-hornetq-0:2.4.9-4.Final_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-httpcomponents-asyncclient-0:4.1.5-3.redhat_00005.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-httpcomponents-client-0:4.5.14-4.redhat_00012.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-httpcomponents-core-0:4.4.16-4.redhat_00010.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-infinispan-0:14.0.30-2.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jakarta-json-api-0:2.1.3-1.redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jakarta-mail-0:2.1.3-1.redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jakarta-servlet-api-0:6.0.0-5.redhat_00006.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jakarta-websocket-0:2.1.1-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jakarta-xml-bind-api-0:4.0.1-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jandex-0:3.0.8-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jasypt-0:1.9.3-4.redhat_00004.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-java-classmate-0:1.5.1-3.redhat_00004.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jaxb-0:4.0.5-2.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jboss-metadata-0:16.0.0-3.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jboss-openjdk-orb-0:10.1.0-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jbossws-cxf-0:7.1.0-1.Final_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-joda-time-0:2.12.7-1.redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jsf-impl-0:4.0.7-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-mod_cluster-0:2.0.3-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-neethi-0:3.2.0-1.redhat_00004.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-netty-0:4.1.108-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-netty-transport-native-epoll-0:4.1.108-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-netty-xnio-transport-0:0.1.10-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-opensaml-0:4.2.0-4.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-parsson-0:1.1.5-2.redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-reactivex-rxjava-0:3.1.8-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-resteasy-0:6.2.7-2.Final_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-slf4j-0:2.0.13-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-stax2-api-0:4.2.2-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-velocity-0:2.3.0-3.redhat_00009.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-weld-core-0:5.1.2-2.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-wildfly-0:8.0.3-9.GA_redhat_00004.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-wildfly-discovery-0:1.3.0-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-wildfly-elytron-0:2.2.6-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-wsdl4j-0:1.6.3-5.redhat_00008.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-wss4j-0:3.0.3-1.redhat_00008.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-xml-security-0:3.0.4-1.redhat_00005.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-yasson-0:3.0.3-3.redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-08-15T00:00:00Z"}], "bugzilla": {"description": "bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)", "id": "2276360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276360"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-208", "details": ["An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.", "A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS#1 1.5 and OAEP decryption process (a.k.a. Marvin Attack). An attacker can recover cipher-texts via a side-channel attack by exploiting the Marvin security flaw. The PKCS#1 1.5 attack vector leaks data via javax.crypto.Cipher exceptions and the OAEP interface vector leaks via the bit size of the decrypted data."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-30171", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:2", "fix_state": "Affected", "package_name": "org.bouncycastle-bcprov-jdk18on", "product_name": "Cryostat 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Out of support scope", "package_name": "org.bouncycastle-bcprov-jdk18on", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Affected", "package_name": "org.bouncycastle-bcprov-jdk18on", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "org.bouncycastle/bcprov-jdk18on", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "org.bouncycastle-bcprov-jdk18on", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "org.bouncycastle-bcprov-jdk18on", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.bouncycastle-bcprov-jdk18on", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Not affected", "package_name": "org.bouncycastle-bcprov-jdk18on", "product_name": "streams for Apache Kafka"}], "public_date": "2024-04-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-30171\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-30171\nhttps://people.redhat.com/~hkario/marvin/"], "threat_severity": "Moderate", "upstream_fix": "org.bouncycastle-bcprov-jdk18on 1.78"}