Arbitrary Authentication Attempts Vulnerability
CVE-2024-28022

6.5MEDIUM

Key Information:

Vendor: Hitachi
Status: Foxman-un; Unem
Vendor: CVE Published:; 11 June 2024

What is CVE-2024-28022?

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.

Affected Version(s)

FOXMAN-UN FOXMAN-UN R16B

FOXMAN-UN FOXMAN-UN R15B

FOXMAN-UN FOXMAN-UN R16A

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Feb 29, 2024

Hitachi

What is CVE-2024-28022?

Affected Version(s)

References

CVSS V3.1

Timeline