{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-37370", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-13T18:14:25.560Z", "dateReserved": "2024-06-06T00:00:00.000Z", "datePublished": "2024-06-28T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-28T22:04:28.292Z"}, "descriptions": [{"lang": "en", "value": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://web.mit.edu/kerberos/www/advisories/"}, {"url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-345", "lang": "en", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-01T15:25:49.407050Z", "id": "CVE-2024-37370", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T18:14:25.560Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://web.mit.edu/kerberos/www/advisories/", "tags": ["x_transferred"]}, {"url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20241108-0007/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-08T15:02:50.736Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-37370", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-13T18:14:25.560Z", "dateReserved": "2024-06-06T00:00:00.000Z", "datePublished": "2024-06-28T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-28T22:04:28.292Z"}, "descriptions": [{"lang": "en", "value": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://web.mit.edu/kerberos/www/advisories/"}, {"url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://web.mit.edu/kerberos/www/advisories/", "tags": ["x_transferred"]}, {"url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20241108-0007/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-08T15:02:50.736Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-37370", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-01T15:25:49.407050Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T15:25:54.000Z"}}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "9882067B-E1AC-4800-AB8E-541B937B498A", "versionEndExcluding": "1.21.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application."}, {"lang": "es", "value": "En MIT Kerberos 5 (tambi\u00e9n conocido como krb5) anterior a 1.21.3, un atacante puede modificar el campo Extra Count de texto plano de un token de envoltura GSS krb5 confidencial, lo que hace que el token desenvuelto aparezca truncado para la aplicaci\u00f3n."}], "id": "CVE-2024-37370", "lastModified": "2025-03-13T19:15:45.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-28T22:15:02.293", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://web.mit.edu/kerberos/www/advisories/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20241108-0007/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://web.mit.edu/kerberos/www/advisories/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5316", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "krb5-0:1.15.1-37.el7_7.4", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5076", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "krb5-0:1.15.1-55.el7_9.2", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5312", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "krb5-0:1.18.2-29.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5884", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "krb5-0:1.17-19.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-08-27T00:00:00Z"}, {"advisory": "RHSA-2024:4734", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "krb5-0:1.18.2-9.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-07-23T00:00:00Z"}, {"advisory": "RHSA-2024:4734", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "krb5-0:1.18.2-9.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-07-23T00:00:00Z"}, {"advisory": "RHSA-2024:4734", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "krb5-0:1.18.2-9.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-07-23T00:00:00Z"}, {"advisory": "RHSA-2024:5625", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "krb5-0:1.18.2-16.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-08-20T00:00:00Z"}, {"advisory": "RHSA-2024:5625", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "krb5-0:1.18.2-16.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-08-20T00:00:00Z"}, {"advisory": "RHSA-2024:5625", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "krb5-0:1.18.2-16.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-08-20T00:00:00Z"}, {"advisory": "RHSA-2024:4743", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "krb5-0:1.18.2-26.el8_8.2", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-07-23T00:00:00Z"}, {"advisory": "RHBA-2024:6585", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "rhel9/toolbox:9.4-12.1725906880", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHBA-2024:6585", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "ubi9/toolbox:9.4-12.1725906880", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6166", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "krb5-0:1.21.1-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6166", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "krb5-0:1.21.1-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:5630", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "krb5-0:1.19.1-16.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-20T00:00:00Z"}, {"advisory": "RHSA-2024:5643", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "krb5-0:1.20.1-9.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-20T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-operator-bundle:1.4.7-4", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-router-rhel9:2.4.3-7", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-operator-bundle:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-router-rhel9:2.4.3-6", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-controller-podman-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-operator-bundle:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-router-rhel9:2.5.3-6", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-controller-podman-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-operator-bundle:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-router-rhel9:2.5.3-5", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}], "bugzilla": {"description": "krb5: GSS message token handling", "id": "2294677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "details": ["In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-37370", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "aap-cloud-metrics-collector-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/de-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/ee-dellemc-openmanage-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-25/ansible-builder-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/ansible-dev-tools-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-25/ee-cloud-services-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2024-06-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-37370\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-37370\nhttps://web.mit.edu/kerberos/www/krb5-1.21/"], "statement": "This vulnerability has an ability to disrupt authentication process and attackers able to alter the token data durning the transmission which leads to disruption in service and an attacker can void the integrity by altering the token durning the transmission for authentication process. This has been rated as moderate by Redhat as the vulnerability cannot be exploited in a way that it leads to a loss of availability or integrity,when in transmission token count field can be changed making the token appear truncated.", "threat_severity": "Moderate"}