PT-2024-31737 · Apache · Apache Answer
Chi Tran · Published 2024-11-22 · Updated 2025-07-01 · CVE-2024-45719
CVSS v3.1: 2.6 (Low)
Vector: AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Apache Answer versions through 1.4.0
Description:
The issue is inadequate encryption strength in Apache Answer: IDs are generated as version 1 UUIDs (UUID v1). This can make the generated token predictable, potentially leading to sensitive data exposure.
Recommendations:
For Apache Answer versions through 1.4.0, upgrade to version 1.4.1 to fix the issue. As a temporary workaround, consider restricting the use of UUID v1 for generating IDs until the upgrade is applied.
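The weakness described above can be checked for directly: the version digit of a UUID shows how it was generated, and a version 1 value decodes back into its creation time, clock sequence and node ID. The audit helper below is an added example, not code from Apache Answer or from this advisory; the function names and the sample values are constructed for illustration.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Version 1 timestamps count 100 ns ticks since 1582-10-15 (RFC 4122).
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def audit_token(value):
    """Classify one identifier; for a v1 UUID, decode what it discloses."""
    try:
        u = uuid.UUID(value)
    except ValueError:
        return {"value": value, "version": None, "finding": "not a UUID"}
    if u.variant != uuid.RFC_4122:
        return {"value": value, "version": None, "finding": "non-RFC 4122 variant"}
    report = {"value": value, "version": u.version}
    if u.version == 1:
        # Every field of a v1 UUID comes from non-secret inputs: the clock,
        # a 14-bit clock sequence and the generating host's node ID.
        report["created"] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
        report["clock_seq"] = u.clock_seq
        report["node"] = f"{u.node:012x}"
        report["finding"] = "time-based (v1): do not use as a secret token"
    elif u.version == 4:
        report["finding"] = "random (v4): 122 random bits"
    else:
        report["finding"] = "other version: review how it is generated"
    return report


def find_v1(values):
    """Return the identifiers in `values` that are version 1 UUIDs."""
    return [v for v in values if audit_token(v)["version"] == 1]


# Constructed sample identifiers (not taken from any real deployment).
SAMPLE = [
    "c232ab00-9414-11ec-b3c8-9f6bdeced846",  # version 1
    "3d813cbb-47fb-4e2f-9d5b-5c3c1e6a2f10",  # version 4
    "session-12345",                          # not a UUID
]

if __name__ == "__main__":
    for token in SAMPLE:
        print(audit_token(token))
```

Running `find_v1` over identifiers sampled from password-reset links, invitation codes or API keys shows whether any security-sensitive value is still time-based after the upgrade.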
Fix
Inadequate Encryption Strength
Affected Products
Apache Answer