CVE-2024-4332

June 3, 2024, 7:23 p.m.

Product(s) Impacted

Tripwire Enterprise

  • 9.1.0

Description

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.

Date

Published: June 3, 2024, 6:15 p.m.

Last Modified: June 3, 2024, 7:23 p.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

Source

df4dee71-de3a-4139-9588-11b62fe6c0ff

References

https://www.fortra.com/security/advisory/fi-2024-006