{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-01T00:32:47.580","vulnerabilities":[{"cve":{"id":"CVE-2024-32037","sourceIdentifier":"security-advisories@github.com","published":"2025-02-11T22:15:27.930","lastModified":"2026-06-17T07:29:09.630","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available."},{"lang":"es","value":"GeoNetwork es una aplicación de catálogo para administrar recursos referenciados espacialmente. En versiones anteriores a 4.2.10 y 4.4.5, los encabezados de respuesta del endpoint de búsqueda contienen información sobre el software Elasticsearch en uso. Esta información es valiosa desde el punto de vista de la seguridad porque permite identificar fácilmente el software utilizado por el servidor. GeoNetwork 4.4.5 y 4.2.10 solucionan este problema. No se conocen workarounds."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"geonetwork","product":"core-geonetwork","versions":[{"version":"< 4.2.10","status":"affected"},{"version":">= 4.4.0, < 4.4.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":0.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-12T15:37:36.526856Z","id":"CVE-2024-32037","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:geonetwork:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.10","matchCriteriaId":"5EA5B186-5F02-461E-B114-D5C1EC91F148"},{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:geonetwork:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.5","matchCriteriaId":"52C2F47C-1DBB-44FA-9261-434BC2317D79"}]}]}],"references":[{"url":"https://docs.geonetwork-opensource.org/4.4/api/search","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/geonetwork/core-geonetwork/releases/tag/4.2.10","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/geonetwork/core-geonetwork/releases/tag/4.4.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-52rf-25hq-5m33","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}