CVE-2024-5716

Опубликовано: 22 нояб. 2024

Источник: nvd

CVSS3: 8.6

CVSS3: 9.8

EPSS Низкий

Описание

The specific flaw exists within the password reset mechanism. The issue results from the lack of restriction of excessive authentication attempts. An attacker can leverage this vulnerability to reset a user's password and bypass authentication on the system. Was ZDI-CAN-24164.

Ссылки

https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes
Patch
https://www.zerodayinitiative.com/advisories/ZDI-24-616/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:logsign:unified_secops_platform:*:*:*:*:*:*:*:*

Версия от 6.4.6 (включая) до 6.4.8 (исключая)

EPSS

Процентиль: 48%

0.00248

Низкий

8.6 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-307

Связанные уязвимости

GHSA-pvx5-6vgm-chjx

CVSS3: 8.6

github

около 1 года назад

Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password reset mechanism. The issue results from the lack of restriction of excessive authentication attempts. An attacker can leverage this vulnerability to reset a user's password and bypass authentication on the system. Was ZDI-CAN-24164.

EPSS

Процентиль: 48%

0.00248

Низкий

8.6 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-307