CVE-2024-42466

Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.upkeeper.se/hc/en-us/articles/15432408367260-CVE-2024-42466-Lack-of-resources-and-rate-limiting-login	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:upkeeper:upkeeper_manager:*:*:*:*:*:*:*:*

History

28 Aug 2024, 20:48

Type	Values Removed	Values Added
CPE	cpe:2.3:a:upkeeper_solutions:upkeeper_manager::::::::	cpe:2.3:a:upkeeper:upkeeper_manager::::::::
First Time		Upkeeper upkeeper Manager Upkeeper

28 Aug 2024, 20:22

Type	Values Removed	Values Added
CPE		cpe:2.3:a:upkeeper_solutions:upkeeper_manager::::::::
First Time		Upkeeper Solutions Upkeeper Solutions upkeeper Manager
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://support.upkeeper.se/hc/en-us/articles/15432408367260-CVE-2024-42466-Lack-of-resources-and-rate-limiting-login -~~	() https://support.upkeeper.se/hc/en-us/articles/15432408367260-CVE-2024-42466-Lack-of-resources-and-rate-limiting-login - Vendor Advisory

19 Aug 2024, 13:00

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de restricción inadecuada de intentos de autenticación excesivos en el producto upKeeper Solutions, upKeeper Manager, permite el abuso de autenticación. Este problema afecta a upKeeper Manager: hasta 5.1.9.

16 Aug 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-16 14:15

Updated : 2024-08-28 20:48

NVD link : CVE-2024-42466

Mitre link : CVE-2024-42466

CVE.ORG link : CVE-2024-42466

JSON object : View

Products Affected

upkeeper

upkeeper_manager

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

{"id": "CVE-2024-42466", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "80f39f49-2521-4ee7-9e17-af5d55e8032f", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 9.5, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-16T14:15:14.343", "references": [{"url": "https://support.upkeeper.se/hc/en-us/articles/15432408367260-CVE-2024-42466-Lack-of-resources-and-rate-limiting-login", "tags": ["Vendor Advisory"], "source": "80f39f49-2521-4ee7-9e17-af5d55e8032f"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}, {"type": "Secondary", "source": "80f39f49-2521-4ee7-9e17-af5d55e8032f", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9."}, {"lang": "es", "value": "Vulnerabilidad de restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos en el producto upKeeper Solutions, upKeeper Manager, permite el abuso de autenticaci\u00f3n. Este problema afecta a upKeeper Manager: hasta 5.1.9."}], "lastModified": "2024-08-28T20:48:14.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:upkeeper:upkeeper_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B73FC0BE-7AD4-4C24-B884-EDFA4E70B0E0", "versionEndExcluding": "5.1.10"}], "operator": "OR"}]}], "sourceIdentifier": "80f39f49-2521-4ee7-9e17-af5d55e8032f"}