Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-37393

June 10, 2024, 8:54 p.m.

Product(s) Impacted

SecurEnvoy MFA

  • before 9.4.514

Description

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.

Weaknesses

Date

Published: June 10, 2024, 8:15 p.m.

Last Modified: June 10, 2024, 8:54 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References