How severe is CVE-2024-39928?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-39928?

This is classified as CWE-326, which is a common weakness in software security.

CVE-2024-39928

Q: What is CVE-2024-39928?

In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

HIGH Year: 2024

CVSS v3 Score

7.5

High

Weakness Type

CWE-326

View all →

Vulnerability Description

In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

CVE-2002-1697

HIGH

CVSS:7.5(High)

Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain se...

CWE-3262002

CVE-2002-1872

HIGH

CVSS:7.5(High)

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

CWE-3262002

CVE-2002-1910

HIGH

CVSS:7.5(High)

Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.

CWE-3262002

CVE-2004-2172

HIGH

CVSS:7.5(High)

EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.

CWE-3262004