CVE-2024-34517

Medium

Published: 07 May 2024

Modified: 21 April 2025
KEV Added
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0021 (43.1th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-34517 is a medium-severity Modification of Assumed-Immutable Data (MAID, CWE-471) vulnerability in Neo4j. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Databases (T1213.006). The CVE is ranked at the 43.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1213.006 Databases (tactic: Collection)
Adversaries may leverage databases to mine valuable information.
T1565.001 Stored Data Manipulation (tactic: Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

The CVE allows attackers with admin access to bypass IMMUTABLE privilege handling in Neo4j Cypher, enabling unauthorized database data access (C:H, T1213.006) and modification of assumed-immutable stored data (I:H, T1565.001).

Affected Assets

neo4j
neo4j
5.0.0 — 5.19.0

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-471

Checksums and integrity protection during transformation/packing detect unauthorized modification of data assumed to be immutable before it is transmitted.
