Unauthenticated Bypass Vulnerability in Tripwire Enterprise 9.1.0
CVE-2024-4332

9.3 CRITICAL

Key Information:

Vendor: Fortra
CVE Published: 3 June 2024

What is CVE-2024-4332?

An authentication bypass vulnerability exists in the REST and SOAP API components of Tripwire Enterprise 9.1.0 when configured for LDAP/Active Directory SAML authentication with the 'Auto-synchronize LDAP Users, Roles, and Groups' feature enabled. Attackers with knowledge of valid usernames can exploit this vulnerability to bypass authentication and gain unauthorized access to the APIs. This can lead to unauthorized information disclosure or modification, posing significant risks to data integrity and security.

Affected Version(s)

Tripwire Enterprise 9.1.0

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published