1 of 1

Advisory on Redis Vulnerabilities

On October 04, 2024, Redis disclosed multiple vulnerabilities regarding the Redis In-Memory Database. As per the available information, the following are the vulnerability details:

CVE ID

Vulnerability

Allows an authenticated remote user to execute an arbitrary remote code.

The vulnerabilities allow a remote user to perform Denial of Service (DoS) attack.

The most severe of these vulnerabilities is CVE-2024-31449, which is classified as a High severity and has a CVSS score of 8.8. It could allow remote attackers to execute arbitrary code on affected systems.

Impacted IONOS Cloud Products

Product Ranges

Product

Impacted

Mitigated

Patch Status

Databases

Yes

Done

Risk on IONOS Cloud user environment

Although the design of our database product did not allow the remote users to exploit the vulnerability, IONOS has rolled out the patched versions. As of now, there is no known exploit for these reported vulnerabilities.

What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud has already rolled out the patched versions for the reported vulnerabilities.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.