9.1
CVE-2024-45523
- EPSS 0.55%
- Published 18.09.2024 18:15:06
- Last modified 20.09.2024 14:35:11
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attempts through API SOAP.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Vendorhitachi
≫
Product
id_bravura_security_fabric
Default Statusunknown
Version <
12.3.5.32784
Version
12.3.0
Status
affected
Version <
12.4.3.35110
Version
12.4.0
Status
affected
Version <
12.5.2.35950
Version
12.5.0
Status
affected
Version <
12.6.2.37183
Version
12.6.0
Status
affected
Version <
12.7.1.38241
Version
12.7.0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.67 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.