← voltar
CVE-2026-24735

Apache Answer: Revision API Improper Access Control leads to Information Disclosure

CVSS 7.5 HIGHEPSS 0.6%CWE-359
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
04 fev 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or sensitive information. Users are recommended to upgrade to version 2.0.0, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
Apache Software Foundation · Apache Answer

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lists.apache.org/thread/whxloom7mpxlyt5wzdskflsg5mzdzd60http://www.openwall.com/lists/oss-security/2026/02/04/1