CVE-2024-21994Allocation of Resources Without Limits or Throttling in Storagegrid

CWE-770Allocation of Resources Without Limits or Throttling3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 51.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netapp Storagegrid
Timeline
PublishedNov 8

Description

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5netapp/storagegrid< 11.9.0
NVDnetapp/storagegrid< 11.9.0

🔴Vulnerability Details

2
CVEList
CVE-2024-21994 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)2024-11-08
GHSA
GHSA-m8v2-5x3v-f8v7: StorageGRID (formerly StorageGRID Webscale) versions prior to 112024-11-08