CVE-2024-45523

An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attempts through API SOAP.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.bravurasecurity.com/cve-2024-45523-resource-leak-in-api-after-a-failed-login-attempt

Configurations

No configuration.

History

20 Sep 2024, 14:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
CWE		CWE-307

20 Sep 2024, 12:30

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en las versiones 12.3.x anteriores a la 12.3.5.32784, 12.4.x anteriores a la 12.4.3.35110, 12.5.x anteriores a la 12.5.2.35950, 12.6.x anteriores a la 12.6.2.37183 y 12.7.x anteriores a la 12.7.1.38241 de Bravura Security Fabric. Un atacante no autenticado puede provocar una fuga de recursos al realizar varios intentos de inicio de sesión fallidos a través de API SOAP.

18 Sep 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-18 18:15

Updated : 2024-09-20 14:35

NVD link : CVE-2024-45523

Mitre link : CVE-2024-45523

CVE.ORG link : CVE-2024-45523

JSON object : View

Products Affected

No product.

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

9.1 /10