CVE-2024-4332
June 3, 2024, 7:23 p.m.
Tags
Product(s) Impacted
Tripwire Enterprise
- 9.1.0
Description
An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.
Weaknesses
Date
Published: June 3, 2024, 6:15 p.m.
Last Modified: June 3, 2024, 7:23 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
df4dee71-de3a-4139-9588-11b62fe6c0ff