CVE-2024-32037

CVSS 3.1 Score 0 of 10 (low)

Details

Published Feb 11, 2025

CWE ID 200

Summary

CVE-2024-32037 is a vulnerability affecting GeoNetwork, a spatially referenced resource catalog application. In versions prior to 4.2.10 and 4.4.5, the application's search endpoint unintentionally discloses information about the Elasticsearch software in use through response headers. This information can be valuable to attackers for targeting specific vulnerabilities in the identified software. GeoNetwork has released patches for versions 4.2.10 and 4.4.5 to address this issue, and no known workarounds are available to mitigate the risk before updating.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

CORE

Affected Vendors

JET Charge Pty Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3RU91B
https://www.cve.org/CVERecord?id=CVE-2024-32037
https://nvd.nist.gov/vuln/detail/CVE-2024-32037

Back to Vulnerability Database