Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
SecurEnvoy MFA
- before 9.4.514
Source
cve@mitre.org
Tags
CVE-2024-37393 details
Published : June 10, 2024, 8:15 p.m.
Last Modified : June 10, 2024, 8:54 p.m.
Last Modified : June 10, 2024, 8:54 p.m.
Description
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-ada2/ad2ce8fa-42a0-4371-ad18-5d1d1c488b22 | cve@mitre.org |
| https://securenvoy.com/support/ | cve@mitre.org |
| https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393 | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.