Vulnerability Details CVE-2023-2974
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.2%
CVSS Severity
CVSS v3 Score 6.5
References
- https://access.redhat.com/errata/RHSA-2023:3809
- https://access.redhat.com/security/cve/CVE-2023-2974
- https://bugzilla.redhat.com/show_bug.cgi?id=2211026
- https://access.redhat.com/errata/RHSA-2023:3809
- https://access.redhat.com/security/cve/CVE-2023-2974
- https://bugzilla.redhat.com/show_bug.cgi?id=2211026
Products affected by CVE-2023-2974
-
cpe:2.3:a:redhat:build_of_quarkus:-
-
cpe:2.3:a:redhat:build_of_quarkus:1.0
-
cpe:2.3:a:redhat:build_of_quarkus:2.0
-
cpe:2.3:a:redhat:build_of_quarkus:2.13.0
-
cpe:2.3:a:redhat:build_of_quarkus:2.2.5
-
cpe:2.3:a:redhat:build_of_quarkus:2.7