CVE-2024-48953

HIGH

7.5

Descricao

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access.

Detalhes CVE

Pontuacao CVSS v3.17.5

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueADJACENT_NETWORK

ComplexidadeHIGH

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado11/7/2024

Ultima modificacao4/30/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

logpoint:siem

Fraquezas (CWE)

CWE-306

Referencias

https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/(cve@mitre.org)

https://servicedesk.logpoint.com/hc/en-us/articles/21968899128221-Authentication-Bypass-using-URL-endpoints-in-the-Authentication-Modules(cve@mitre.org)

https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.