CVE-2024-2013

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r15b:pc4:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r15b:pc5:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r16b:pc2:*:*:*:*:*:*

History

15 Aug 2024, 21:08

Type Values Removed Values Added
References () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true - () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true - Vendor Advisory
CWE CWE-306
First Time Hitachienergy unem
Hitachienergy
Hitachienergy foxman-un
CPE cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r16b:pc2:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r15b:pc4:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r15b:pc5:*:*:*:*:*:*

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de omisión de autenticación en el servidor FOXMAN-UN/UNEM componente API Gateway que, si se explota, permite a atacantes sin ningún acceso interactuar con los servicios y la superficie de ataque posterior a la autenticación.

11 Jun 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-11 14:15

Updated : 2024-08-15 21:08


NVD link : CVE-2024-2013

Mitre link : CVE-2024-2013

CVE.ORG link : CVE-2024-2013


JSON object : View

Products Affected

hitachienergy

  • foxman-un
  • unem
CWE
CWE-306

Missing Authentication for Critical Function

CWE-288

Authentication Bypass Using an Alternate Path or Channel