CVE-2024-45478

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 21, 2025

Updated: Jan 22, 2025

CWE ID 20

Summary

CVE-2024-45478 refers to a Stored Cross-Site Scripting (XSS) vulnerability found in the Edit Service Page of Apache Ranger UI in version 2.4.0. Malicious scripts injected into this page could be executed in users' browsers when they view a specially crafted webpage, potentially leading to unauthorized access or data theft. It is strongly advised to upgrade to Apache Ranger version 2.5.0, which includes a patch for this security flaw.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/yLB20Y
https://www.cve.org/CVERecord?id=CVE-2024-45478
https://nvd.nist.gov/vuln/detail/CVE-2024-45478

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-45478

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations