PT-2024-20923 · Steve · Steve

Tano-Coppoletta

Published

2024-02-12

Updated

2025-04-25

CVE-2024-25407

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SteVe version 3.6.0

Description The issue is related to SteVe using predictable transaction ID's when receiving a StartTransaction request. This can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions. The StartTransaction request is the endpoint where this issue is observed.

Recommendations For SteVe version 3.6.0, as a temporary workaround, consider restricting access to the StartTransaction request until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-331

Related Identifiers

CVE-2024-25407

Affected Products

Steve

PT-2024-20923 · Steve · Steve

CVE-2024-25407

Weakness Enumeration

Related Identifiers

Affected Products

References · 7