CVE-2024-6237
Medium
Published: 09 July 2024
Modified: 21 November 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0106 (78.1th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2024-6237 is a medium-severity Improper Handling of Missing Values (CWE-230) vulnerability in Red Hat Directory Server. Its CVSS base score is 6.5 (Medium).
Operationally, it is ranked in the top 21.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47979
Vulnerability details
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
- CWE(s): CWE-230 (Improper Handling of Missing Values)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
| Vendor | Product | Version |
| --- | --- | --- |
| redhat | directory server | 12.0 |
| redhat | 389 directory server | all versions |
| redhat | enterprise linux | 9.0 |
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.