Advisory on Redis Vulnerabilities

On October 04, 2024, Redis disclosed multiple vulnerabilities regarding the Redis In-Memory Database. As per the available information, the following are the vulnerability details:

CVE ID	Vulnerability
CVE-2024-31449	Allows an authenticated remote user to execute an arbitrary remote code.
CVE-2024-31227 CVE-2024-31228	The vulnerabilities allow a remote user to perform Denial of Service (DoS) attack.

CVE ID

Vulnerability

CVE-2024-31449

Allows an authenticated remote user to execute an arbitrary remote code.

CVE-2024-31227 CVE-2024-31228

The vulnerabilities allow a remote user to perform Denial of Service (DoS) attack.

The most severe of these vulnerabilities is CVE-2024-31449, which is classified as a High severity and has a CVSS score of 8.8. It could allow remote attackers to execute arbitrary code on affected systems.

Impacted IONOS Cloud Products

Product Ranges	Product	Impacted	Mitigated	Patch Status
Databases	In-Memory DB	Yes	Yes	Done

Product Ranges

Product

Impacted

Mitigated

Patch Status

Databases

In-Memory DB

Yes

Done

Risk on IONOS Cloud user environment

Although the design of our database product did not allow the remote users to exploit the vulnerability, IONOS has rolled out the patched versions. As of now, there is no known exploit for these reported vulnerabilities.

What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud has already rolled out the patched versions for the reported vulnerabilities.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

PreviousAdvisory on Linux CUPS Vulnerabilities NextAdvisory on CVE-2024-6387

Last updated 8 days ago