6.5
CVE-2024-28022
- EPSS 0.12%
- Published 11.06.2024 19:16:06
- Last modified 29.04.2025 19:40:10
- Source cybersecurity@hitachienergy.co
A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.
Data provided by the National Vulnerability Database (NVD)
Hitachienergy ≫ Foxman-un Version r15a
Hitachienergy ≫ Foxman-un Version r15b
Hitachienergy ≫ Foxman-un Version r16a
Hitachienergy ≫ Foxman-un Version r16b
Hitachienergy ≫ Unem Version r15a
Hitachienergy ≫ Unem Version r15b
Hitachienergy ≫ Unem Version r16a
Hitachienergy ≫ Unem Version r16b
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.311 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.2 | 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L |
| cybersecurity@hitachienergy.com | 6.5 | 2.2 | 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L |
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.