Broken Access Control in Wazuh SIEM by Wazuh Inc.
CVE-2024-57378

Currently unrated

Key Information:

Vendor: Wazuh Inc.
Status: Wazuh SIEM
Vendor: CVE Published:; 13 February 2025

What is CVE-2024-57378?

Wazuh SIEM version 4.8.2 contains a vulnerability that allows unauthorized users to create internal accounts without the necessity of assigning any predefined user roles. This flaw can potentially lead to unauthorized access to sensitive resources within the system and facilitate privilege escalation.

References

https://github.com/bappe-sarker/Vulnerability-Research/tr...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Jan 9, 2025