CVE-2024-2005

Опубликовано: 06 мар. 2024

Источник: nvd

CVSS3: 9

CVSS3: 8

EPSS Низкий

Описание

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.

Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

Ссылки

https://www.ciena.com/product-security
Not Applicable
https://www.ciena.com/product-security
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ciena:blue_planet_inventory:*:*:*:*:*:*:*:*

Версия до 22.12 (включая)

EPSS

Процентиль: 23%

0.00073

Низкий

9 Critical

CVSS3

8 High

CVSS3

Дефекты

CWE-269

NVD-CWE-noinfo

Связанные уязвимости

GHSA-j7p2-m4ff-pw4r

CVSS3: 9

github

почти 2 года назад

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

EPSS

Процентиль: 23%

0.00073

Низкий

9 Critical

CVSS3

8 High

CVSS3

Дефекты

CWE-269

NVD-CWE-noinfo