CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CVE-2024-6248 (GCVE-0-2024-6248)
Vulnerability from cvelistv5 – Published: 2024-11-22 20:05 – Updated: 2024-12-04 21:43
VLAI
Title
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability
Summary
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the run_action_batch endpoint of the cloud infrastructure. The issue results from the use of the device's MAC address as a sole credential for authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22393.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://forums.wyze.com/t/security-advisory/289256 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Wyze | Cam v3 |
Affected:
4.36.11.7071
|
|
| wyze | cam_v3_firmware |
Affected:
4.36.11.7071
cpe:2.3:o:wyze:cam_v3_firmware:4.36.11.7071:*:*:*:*:*:*:* |
Date Public
2024-06-21 20:26
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:wyze:cam_v3_firmware:4.36.11.7071:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cam_v3_firmware",
"vendor": "wyze",
"versions": [
{
"status": "affected",
"version": "4.36.11.7071"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:16:09.896085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T21:43:13.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cam v3",
"vendor": "Wyze",
"versions": [
{
"status": "affected",
"version": "4.36.11.7071"
}
]
}
],
"dateAssigned": "2024-06-21T14:52:30.166Z",
"datePublic": "2024-06-21T20:26:29.651Z",
"descriptions": [
{
"lang": "en",
"value": "Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the run_action_batch endpoint of the cloud infrastructure. The issue results from the use of the device\u0027s MAC address as a sole credential for authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22393."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:42.870Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-839",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-839/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://forums.wyze.com/t/security-advisory/289256"
}
],
"source": {
"lang": "en",
"value": "Rafal Goryl"
},
"title": "Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-6248",
"datePublished": "2024-11-22T20:05:42.870Z",
"dateReserved": "2024-06-21T14:52:30.170Z",
"dateUpdated": "2024-12-04T21:43:13.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6576 (GCVE-0-2024-6576)
Vulnerability from cvelistv5 – Published: 2024-07-29 13:46 – Updated: 2024-08-01 21:41
VLAI
Title
MOVEit Transfer Privilege Escalation Vulnerability
Summary
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.progress.com/moveit | product |
| https://community.progress.com/s/article/MOVEit-T… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Progress | MOVEit Transfer |
Affected:
2023.0.0 , < 2023.0.12
(semver)
Affected: 2023.1.0 , < 2023.1.7 (semver) Affected: 2024.0.0 , < 2024.0.3 (semver) |
|
| progress | moveit_transfer |
Affected:
2023.0.0 , < 2023.0.12
(semver)
Affected: 2023.1.0 , < 2023.1.7 (semver) Affected: 2024.0.0 , < 2024.0.3 (semver) cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moveit_transfer",
"vendor": "progress",
"versions": [
{
"lessThan": "2023.0.12",
"status": "affected",
"version": "2023.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
},
{
"lessThan": "2024.0.3",
"status": "affected",
"version": "2024.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T15:51:24.094046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T16:07:10.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.progress.com/moveit"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-July-2024-CVE-2024-6576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"SFTP"
],
"platforms": [
"Windows"
],
"product": "MOVEit Transfer",
"vendor": "Progress",
"versions": [
{
"lessThan": "2023.0.12",
"status": "affected",
"version": "2023.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
},
{
"lessThan": "2024.0.3",
"status": "affected",
"version": "2024.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Discovered Internally"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.\u003cp\u003eThis issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T13:46:32.409Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/moveit"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-July-2024-CVE-2024-6576"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MOVEit Transfer Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-6576",
"datePublished": "2024-07-29T13:46:32.409Z",
"dateReserved": "2024-07-08T17:38:23.180Z",
"dateUpdated": "2024-08-01T21:41:03.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7012 (GCVE-0-2024-7012)
Vulnerability from cvelistv5 – Published: 2024-09-04 13:41 – Updated: 2025-11-11 15:29
VLAI
Title
Puppet-foreman: an authentication bypass vulnerability exists in foreman
Summary
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:6335 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:6336 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:6337 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:8906 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2024-7012 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2299429 | issue-trackingx_refsource_REDHAT |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 22.0
(semver)
|
|||
| Red Hat | Red Hat Satellite 6.13 for RHEL 8 |
Unaffected:
1:3.5.2.8-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite:6.13::el8 cpe:/a:redhat:satellite_capsule:6.13::el8 cpe:/a:redhat:satellite_utils:6.13::el8 |
|
| Red Hat | Red Hat Satellite 6.14 for RHEL 8 |
Unaffected:
1:3.7.0.8-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite_capsule:6.14::el8 cpe:/a:redhat:satellite_utils:6.14::el8 |
|
| Red Hat | Red Hat Satellite 6.15 for RHEL 8 |
Unaffected:
1:3.9.3.4-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_utils:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 |
Unaffected:
1:3.12.0.1-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 |
Unaffected:
1:3.12.0.1-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 |
Date Public
2024-09-04 13:14
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T17:16:24.550968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T17:16:34.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/theforeman/puppet-foreman",
"defaultStatus": "unaffected",
"packageName": "puppet-foreman",
"versions": [
{
"lessThan": "22.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.13::el8",
"cpe:/a:redhat:satellite_capsule:6.13::el8",
"cpe:/a:redhat:satellite_utils:6.13::el8"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.13 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.5.2.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.13::el8",
"cpe:/a:redhat:satellite_capsule:6.13::el8",
"cpe:/a:redhat:satellite_utils:6.13::el8"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.13 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.5.2.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.7.0.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.7.0.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite_capsule:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.9.3.4-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite_capsule:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.9.3.4-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el9",
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el9"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.16 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.12.0.1-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el9",
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el9"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.16 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.12.0.1-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el9",
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el9"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.16 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.12.0.1-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el9",
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el9"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.16 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.12.0.1-1.el9sat",
"versionType": "rpm"
}
]
}
],
"datePublic": "2024-09-04T13:14:02.531Z",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache\u0027s mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T15:29:25.711Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:6335",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6335"
},
{
"name": "RHSA-2024:6336",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6336"
},
{
"name": "RHSA-2024:6337",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6337"
},
{
"name": "RHSA-2024:8906",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:8906"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-7012"
},
{
"name": "RHBZ#2299429",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299429"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-23T04:51:12.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-09-04T13:14:02.531Z",
"value": "Made public."
}
],
"title": "Puppet-foreman: an authentication bypass vulnerability exists in foreman",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-287: Improper Authentication"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-7012",
"datePublished": "2024-09-04T13:41:17.877Z",
"dateReserved": "2024-07-23T05:02:30.865Z",
"dateUpdated": "2025-11-11T15:29:25.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7050 (GCVE-0-2024-7050)
Vulnerability from cvelistv5 – Published: 2024-07-26 15:14 – Updated: 2024-08-01 21:45
VLAI
Summary
Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | OpenText Directory Services |
Affected:
24.2
|
|
| opentext | directory_services |
Affected:
24.2
cpe:2.3:a:opentext:directory_services:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:directory_services:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "directory_services",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "24.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T18:17:19.835212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T18:19:33.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:45:38.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0821213"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenText Directory Services",
"vendor": "OpenText",
"versions": [
{
"status": "affected",
"version": "24.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.\u003cp\u003eThis issue affects OpenText Directory Services: 24.2.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:H/SI:L/SA:N/S:N/AU:N/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T15:14:57.182Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0821213"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view\u0026amp;sysparm_article=KB0821213\"\u003ehttps://support.opentext.com/csm?id=kb_article_view\u0026amp;sysparm_article=KB0821213\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0821213"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-7050",
"datePublished": "2024-07-26T15:14:57.182Z",
"dateReserved": "2024-07-23T19:16:36.733Z",
"dateUpdated": "2024-08-01T21:45:38.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7395 (GCVE-0-2024-7395)
Vulnerability from cvelistv5 – Published: 2024-08-05 13:16 – Updated: 2025-11-04 16:15
VLAI
Title
Insufficient Authentication
Summary
An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.This issue affects JetPort 5601v3: through 1.2.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Korenix | JetPort 5601v3 |
Affected:
0 , ≤ 1.2
(custom)
|
|
| korenix | jetport_5601 |
Affected:
0 , ≤ 1.2
(custom)
cpe:2.3:h:korenix:jetport_5601:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:korenix:jetport_5601:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jetport_5601",
"vendor": "korenix",
"versions": [
{
"lessThanOrEqual": "1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T20:31:11.620358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T20:35:18.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:15:53.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Aug/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetPort 5601v3",
"vendor": "Korenix",
"versions": [
{
"lessThanOrEqual": "1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "S. Dietz (CyberDanube)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.\u003cp\u003eThis issue affects JetPort 5601v3: through 1.2.\u003c/p\u003e"
}
],
"value": "An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.This issue affects JetPort 5601v3: through 1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T13:16:05.964Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"url": "https://cyberdanube.com/de/en-multiple-vulnerabilities-in-korenix-jetport/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-7395",
"datePublished": "2024-08-05T13:16:05.964Z",
"dateReserved": "2024-08-01T21:46:34.268Z",
"dateUpdated": "2025-11-04T16:15:53.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7401 (GCVE-0-2024-7401)
Vulnerability from cvelistv5 – Published: 2024-08-26 16:36 – Updated: 2025-07-23 11:02
VLAI
Title
Client Enrollment Process Bypass
Summary
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.netskope.com/company/security-complia… | vendor-advisory |
| https://docs.netskope.com/en/secure-enrollment/ | patch |
| https://quickskope.com/ | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Netskope | Netskope Client |
Unknown:
All
|
Date Public
2024-08-26 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T17:34:17.761636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T17:35:05.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Netskope Client",
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"status": "unknown",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sander di Wit"
}
],
"datePublic": "2024-08-26T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003eNetskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user.\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netskope has received isolated reports of abuse of this known exploit by Bug Bounty hunters. Netskope is happy to help customers detect any abuse and help them contain and remediate the incident, if any."
}
],
"value": "Netskope has received isolated reports of abuse of this known exploit by Bug Bounty hunters. Netskope is happy to help customers detect any abuse and help them contain and remediate the incident, if any."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:H/SI:H/SA:L/AU:Y/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T11:02:11.214Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-001"
},
{
"tags": [
"patch"
],
"url": "https://docs.netskope.com/en/secure-enrollment/"
},
{
"tags": [
"exploit"
],
"url": "https://quickskope.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide - \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.netskope.com/en/secure-enrollment/\"\u003ehttps://docs.netskope.com/en/secure-enrollment/\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide - https://docs.netskope.com/en/secure-enrollment/"
}
],
"source": {
"advisory": "NSKPSA-2024-001",
"discovery": "USER"
},
"title": "Client Enrollment Process Bypass",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: \u003cbr\u003e\u003cul\u003e\u003cli\u003eEnable device compliance and device classification\u003c/li\u003e\u003cli\u003eCreate a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: \n * Enable device compliance and device classification\n * Create a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2024-7401",
"datePublished": "2024-08-26T16:36:40.915Z",
"dateReserved": "2024-08-02T07:20:21.411Z",
"dateUpdated": "2025-07-23T11:02:11.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7487 (GCVE-0-2024-7487)
Vulnerability from cvelistv5 – Published: 2025-05-22 19:03 – Updated: 2025-05-22 19:23
VLAI
Title
Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication
Summary
An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed.
Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.docs.wso2.com/en/latest/security… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| WSO2 | WSO2 Identity Server |
Affected:
7.0.0 , < 7.0.0.65
(custom)
|
|
| WSO2 | Client Attestation Filter |
Affected:
7.0.26 , < 7.0.26.24
(custom)
Unaffected: 7.0.51 , ≤ * (custom) |
|
| WSO2 | WSO2 Carbon Identity Client Attestation Met Data Mgt BE |
Affected:
7.0.78 , < 7.0.78.44
(custom)
Unaffected: 7.1.30 , ≤ * (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T19:23:42.783012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T19:23:58.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WSO2 Identity Server",
"vendor": "WSO2",
"versions": [
{
"lessThan": "7.0.0.65",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "org.wso2.carbon.identity.inbound.auth.oauth2:org.wso2.carbon.identity.client.attestation.filter",
"product": "Client Attestation Filter",
"vendor": "WSO2",
"versions": [
{
"lessThan": "7.0.26.24",
"status": "affected",
"version": "7.0.26",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0.51",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "org.wso2.carbon.identity.framework:org.wso2.carbon.identity.client.attestation.mgt",
"product": "WSO2 Carbon Identity Client Attestation Met Data Mgt BE",
"vendor": "WSO2",
"versions": [
{
"lessThan": "7.0.78.44",
"status": "affected",
"version": "7.0.78",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1.30",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed.\u003cbr\u003e\u003cbr\u003eExploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.\u003cbr\u003e"
}
],
"value": "An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed.\n\nExploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T19:03:13.414Z",
"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"shortName": "WSO2"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/#solution"
}
],
"source": {
"advisory": "WSO2-2024-3348",
"discovery": "INTERNAL"
},
"title": "Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"assignerShortName": "WSO2",
"cveId": "CVE-2024-7487",
"datePublished": "2025-05-22T19:03:13.414Z",
"dateReserved": "2024-08-05T13:04:03.920Z",
"dateUpdated": "2025-05-22T19:23:58.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7593 (GCVE-0-2024-7593)
Vulnerability from cvelistv5 – Published: 2024-08-13 18:17 – Updated: 2025-10-21 22:55
VLAI
Summary
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://forums.ivanti.com/s/article/Security-Advi… | |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Ivanti | vTM |
Unaffected:
22.7R2
(custom)
Unaffected: 22.2R1 (custom) |
|
| ivanti | virtual_traffic_manager |
Affected:
22.7r1 , < 22.7r2
(custom)
Affected: 22.2 , < 22.2r1 (custom) Affected: 22.3 , < 22.3r3 (custom) Affected: 22.3r2 , < 22.3r3 (custom) Affected: 22.6r1 , < 22.6r2 (custom) Affected: 22.5r1 , < 22.5r2 (custom) cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7593",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:45:24.845483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-09-24",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:47.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-24T00:00:00.000Z",
"value": "CVE-2024-7593 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "vTM",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.2R1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:17:47.248Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2024-7593",
"datePublished": "2024-08-13T18:17:47.248Z",
"dateReserved": "2024-08-07T17:08:33.645Z",
"dateUpdated": "2025-10-21T22:55:47.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7763 (GCVE-0-2024-7763)
Vulnerability from cvelistv5 – Published: 2024-10-24 20:11 – Updated: 2024-10-29 03:55
VLAI
Title
WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability
Summary
In WhatsUp Gold versions released before 2024.0.0,
an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.progress.com/network-monitoring | product |
| https://community.progress.com/s/article/WhatsUp-… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Progress Software Corporation | WhatsUp Gold |
Affected:
2023.1.0 , < 2024.0.0
(semver)
|
|
| progress | whatsup_gold |
Affected:
2023.1.0 , < 2024.0.0
(semver)
cpe:2.3:a:progress:whatsup_gold:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:whatsup_gold:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "whatsup_gold",
"vendor": "progress",
"versions": [
{
"lessThan": "2024.0.0",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T03:55:09.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"API Endpoint"
],
"platforms": [
"Windows"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2024.0.0",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WhatsUp Gold versions released before 2024.0.0,\u0026nbsp;\n\n\u003cspan style=\"background-color: rgba(161, 189, 217, 0.08);\"\u003ean Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "In WhatsUp Gold versions released before 2024.0.0,\u00a0\n\nan Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T20:11:50.614Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/network-monitoring"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-7763",
"datePublished": "2024-10-24T20:11:50.614Z",
"dateReserved": "2024-08-13T18:22:43.153Z",
"dateUpdated": "2024-10-29T03:55:09.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7870 (GCVE-0-2024-7870)
Vulnerability from cvelistv5 – Published: 2024-09-04 08:30 – Updated: 2026-04-08 17:03
VLAI
Title
PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion
Summary
The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| pixelyoursite | PixelYourSite – Your smart PIXEL (TAG) & API Manager |
Affected:
0 , ≤ 9.7.1
(semver)
|
|
| pixelyoursite | PixelYourSite Pro – Your smart PIXEL (TAG) Manager |
Affected:
0 , ≤ 10.4.2
(semver)
|
|
| pixelyoursite | pixelyoursite_pro |
Affected:
0 , ≤ 10.4.2
(semver)
cpe:2.3:a:pixelyoursite:pixelyoursite_pro:*:*:*:*:*:wordpress:*:* |
|
| pixelyoursite | pixelyoursite |
Affected:
0 , ≤ 9.7.1
(semver)
cpe:2.3:a:pixelyoursite:pixelyoursite:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pixelyoursite:pixelyoursite_pro:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "pixelyoursite_pro",
"vendor": "pixelyoursite",
"versions": [
{
"lessThanOrEqual": "10.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:pixelyoursite:pixelyoursite:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "pixelyoursite",
"vendor": "pixelyoursite",
"versions": [
{
"lessThanOrEqual": "9.7.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:08:38.834612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T14:10:13.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PixelYourSite \u2013 Your smart PIXEL (TAG) \u0026 API Manager",
"vendor": "pixelyoursite",
"versions": [
{
"lessThanOrEqual": "9.7.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PixelYourSite Pro \u2013 Your smart PIXEL (TAG) Manager",
"vendor": "pixelyoursite",
"versions": [
{
"lessThanOrEqual": "10.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Grant Grubbs"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PixelYourSite \u2013 Your smart PIXEL (TAG) \u0026 API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:03:26.406Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7fd7a515-6389-4152-8dac-d5497dd94f6d?source=cve"
},
{
"url": "https://github.com/WordpressPluginDirectory/pixelyoursite/blob/main/pixelyoursite/includes/logger/class-pys-logger.php#L126"
},
{
"url": "https://plugins.trac.wordpress.org/browser/pixelyoursite/trunk/includes/class-pys.php#L114"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3143047/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-03T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "PixelYourSite \u2013 Your smart PIXEL (TAG) \u0026 API Manager \u003c= 9.7.1 and PixelYourSite PRO \u003c= 10.4.2 - Unauthenticated Information Exposure and Log Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7870",
"datePublished": "2024-09-04T08:30:37.877Z",
"dateReserved": "2024-08-15T23:51:21.000Z",
"dateUpdated": "2026-04-08T17:03:26.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.