CVE-2024-5620 (GCVE-0-2024-5620)
Vulnerability from cvelistv5 – Published: 2024-07-18 17:00 – Updated: 2024-08-01 21:18
VLAI?
Title
Authentication Bypass in PruvaSoft Informatics' Apinizer Management Console
Summary
Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass.This issue affects Apinizer Management Console: before 2024.05.1.
Severity ?
6.5 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PruvaSoft Informatics | Apinizer Management Console |
Affected:
0 , < 2024.05.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apinizer:apinizer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "apinizer",
"vendor": "apinizer",
"versions": [
{
"lessThan": "2024.05.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T17:26:20.582793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T17:33:55.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-1010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apinizer Management Console",
"vendor": "PruvaSoft Informatics",
"versions": [
{
"lessThan": "2024.05.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Musa ATALAY"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass.\u003cp\u003eThis issue affects Apinizer Management Console: before 2024.05.1.\u003c/p\u003e"
}
],
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass.This issue affects Apinizer Management Console: before 2024.05.1."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T17:00:20.458Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1010"
}
],
"source": {
"advisory": "TR-24-1010",
"defect": [
"TR-24-1010"
],
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass in PruvaSoft Informatics\u0027 Apinizer Management Console",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-5620",
"datePublished": "2024-07-18T17:00:20.458Z",
"dateReserved": "2024-06-04T08:05:45.291Z",
"dateUpdated": "2024-08-01T21:18:06.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-5620",
"date": "2026-04-26",
"epss": "0.00061",
"percentile": "0.18762"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass.This issue affects Apinizer Management Console: before 2024.05.1.\"}, {\"lang\": \"es\", \"value\": \"Omisi\\u00f3n de autenticaci\\u00f3n mediante una vulnerabilidad de canal o ruta alternativa en PruvaSoft Informatics Apinizer Management Console permite la omisi\\u00f3n de autenticaci\\u00f3n. Este problema afecta a Apinizer Management Console: antes de 2024.05.1.\"}]",
"id": "CVE-2024-5620",
"lastModified": "2024-11-21T09:48:01.930",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"iletisim@usom.gov.tr\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}]}",
"published": "2024-07-18T17:15:06.187",
"references": "[{\"url\": \"https://www.usom.gov.tr/bildirim/tr-24-1010\", \"source\": \"iletisim@usom.gov.tr\"}, {\"url\": \"https://www.usom.gov.tr/bildirim/tr-24-1010\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "iletisim@usom.gov.tr",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"iletisim@usom.gov.tr\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-288\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-5620\",\"sourceIdentifier\":\"iletisim@usom.gov.tr\",\"published\":\"2024-07-18T17:15:06.187\",\"lastModified\":\"2024-11-21T09:48:01.930\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass.This issue affects Apinizer Management Console: before 2024.05.1.\"},{\"lang\":\"es\",\"value\":\"Omisi\u00f3n de autenticaci\u00f3n mediante una vulnerabilidad de canal o ruta alternativa en PruvaSoft Informatics Apinizer Management Console permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a Apinizer Management Console: antes de 2024.05.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"iletisim@usom.gov.tr\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"iletisim@usom.gov.tr\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]}],\"references\":[{\"url\":\"https://www.usom.gov.tr/bildirim/tr-24-1010\",\"source\":\"iletisim@usom.gov.tr\"},{\"url\":\"https://www.usom.gov.tr/bildirim/tr-24-1010\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.usom.gov.tr/bildirim/tr-24-1010\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:18:06.621Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-5620\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-18T17:26:20.582793Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apinizer:apinizer:*:*:*:*:*:*:*:*\"], \"vendor\": \"apinizer\", \"product\": \"apinizer\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2024.05.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-18T17:33:51.695Z\"}}], \"cna\": {\"title\": \"Authentication Bypass in PruvaSoft Informatics\u0027 Apinizer Management Console\", \"source\": {\"defect\": [\"TR-24-1010\"], \"advisory\": \"TR-24-1010\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Musa ATALAY\"}], \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"PruvaSoft Informatics\", \"product\": \"Apinizer Management Console\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2024.05.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.usom.gov.tr/bildirim/tr-24-1010\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass.This issue affects Apinizer Management Console: before 2024.05.1.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass.\u003cp\u003eThis issue affects Apinizer Management Console: before 2024.05.1.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-288\", \"description\": \"CWE-288 Authentication Bypass Using an Alternate Path or Channel\"}]}], \"providerMetadata\": {\"orgId\": \"ca940d4e-fea4-4aa2-9a58-591a58b1ce21\", \"shortName\": \"TR-CERT\", \"dateUpdated\": \"2024-07-18T17:00:20.458Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-5620\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:18:06.621Z\", \"dateReserved\": \"2024-06-04T08:05:45.291Z\", \"assignerOrgId\": \"ca940d4e-fea4-4aa2-9a58-591a58b1ce21\", \"datePublished\": \"2024-07-18T17:00:20.458Z\", \"assignerShortName\": \"TR-CERT\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…