Vulnerability Details CVE-2023-2974
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.1%
CVSS Severity
CVSS v3 Score 6.5
References
- https://access.redhat.com/errata/RHSA-2023:3809
- https://access.redhat.com/security/cve/CVE-2023-2974
- https://bugzilla.redhat.com/show_bug.cgi?id=2211026
- https://access.redhat.com/errata/RHSA-2023:3809
- https://access.redhat.com/security/cve/CVE-2023-2974
- https://bugzilla.redhat.com/show_bug.cgi?id=2211026
Products affected by CVE-2023-2974
-
cpe:2.3:a:redhat:build_of_quarkus:-
-
cpe:2.3:a:redhat:build_of_quarkus:1.0
-
cpe:2.3:a:redhat:build_of_quarkus:2.0
-
cpe:2.3:a:redhat:build_of_quarkus:2.13.0
-
cpe:2.3:a:redhat:build_of_quarkus:2.2.5
-
cpe:2.3:a:redhat:build_of_quarkus:2.7