A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that
if exploited allows a malicious user to perform an arbitrary number
of authentication attempts using different passwords, and
eventually gain access to the targeted account.
References
Link | Resource |
---|---|
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true | Vendor Advisory |
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Aug 2024, 21:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true - Vendor Advisory | |
References | () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.6 |
First Time |
Hitachienergy unem
Hitachienergy Hitachienergy foxman-un |
|
CPE | cpe:2.3:a:hitachienergy:foxman-un:r16b:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:foxman-un:r15b:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:* |
13 Jun 2024, 18:36
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Jun 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-11 19:16
Updated : 2024-08-15 21:44
NVD link : CVE-2024-28022
Mitre link : CVE-2024-28022
CVE.ORG link : CVE-2024-28022
JSON object : View
Products Affected
hitachienergy
- foxman-un
- unem
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts