CVE-2024-45523

EPSS 0.35%
Veröffentlicht 18.09.2024 18:15:06
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attempts through API SOAP.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerhitachi

≫

Produkt id_bravura_security_fabric

Default Statusunknown

Version 12.3.0

Version < 12.3.5.32784

Status affected

Version 12.4.0

Version < 12.4.3.35110

Status affected

Version 12.5.0

Version < 12.5.2.35950

Status affected

Version 12.6.0

Version < 12.6.2.37183

Status affected

Version 12.7.0

Version < 12.7.1.38241

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.571

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://www.bravurasecurity.com/cve-2024-45523-resource-leak-in-api-after-a-failed-login-attempt

https://nvd.nist.gov/vuln/detail/CVE-2024-45523

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45523

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45523

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-45523