9

CVE-2024-2005

EPSS 0.45%
Veröffentlicht 06.03.2024 12:15:45
Zuletzt bearbeitet 13.11.2025 16:42:15
Quelle 7bd90cf1-1651-495e-9ae8-9415fb
CVE-Watchlists
Login
Unerledigt
Login

SAML implementation allows privilege escalation

In Blue Planet®  products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.

Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ciena ≫ Blue Planet Inventory Version <= 22.12

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.359

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8	2.1	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7bd90cf1-1651-495e-9ae8-9415fb3c9feb	9	2.3	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.ciena.com/product-security

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2024-2005

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2005

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2005

EUVD