Arbitrary Authentication Attempts Vulnerability

CVE-2024-28022

6.5MEDIUM

Key Information

Vendor: Hitachi
Status: Foxman-un; Unem
Vendor: CVE Published:; 11 June 2024

Summary

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.

Affected Version(s)

FOXMAN-UN = FOXMAN-UN R16B

FOXMAN-UN = FOXMAN-UN R15B

FOXMAN-UN = FOXMAN-UN R16A

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Jun 11, 2024
Vulnerability Reserved.
Feb 29, 2024

Collectors

NVD DatabaseMitre Database