Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvdDf4dee71-de3a-4139-9588-11b62fe6c0ffNVD:CVE-2024-4332
HistoryJun 03, 2024 - 6:15 p.m.

CVE-2024-4332

2024-06-0318:15:09
CWE-303
df4dee71-de3a-4139-9588-11b62fe6c0ff
web.nvd.nist.gov
1
tripwire enterprise
authentication bypass
api
ldap/active directory
saml
remote attackers
information disclosure

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional β€œAuto-synchronize LDAP Users, Roles, and Groups” feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.

Related

cve 1
vulnrichment 1
cvelist 1
cve
cve
CVE-2024-4332
2024-06-03 18:15:09
vulnrichment
vulnrichment
CVE-2024-4332 Improper Authentication in Tripwire Enterprise 9.1.0 APIs
2024-06-03 17:38:54
cvelist
cvelist
CVE-2024-4332 Improper Authentication in Tripwire Enterprise 9.1.0 APIs
2024-06-03 17:38:54

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for NVD:CVE-2024-4332
cve1vulnrichment1cvelist1