How severe is CVE-2024-6504?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-6504?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2024-6504

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-693

View all →

Vulnerability Description

Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261.

CVE-2013-0431

MEDIUM

CVSS:5.3(Medium)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbo...

CWE-6932013

CVE-2014-125107

MEDIUM

CVSS:5.3(Medium)

A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protec...

CWE-6932014

CVE-2018-0138

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an ...

CWE-6932018

CVE-2018-0198

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection...

CWE-6932018

CVE-2018-0254

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypas...

CWE-6932018

CVE-2018-6794

MEDIUM

CVSS:5.3(Medium)

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is compl...

CWE-6932018

CVE-2024-6504

Vulnerability Description

Related Vulnerabilities

CVE-2013-0431

CVE-2014-125107

CVE-2018-0138

CVE-2018-0198

CVE-2018-0254

CVE-2018-6794