CyberSecurityBoard
Sponsor Register Login

CVE-2024-4332

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.

Publication date: Mon, 03 Jun 2024 18:15:00 +0000


Cyber News related to CVE-2024-4332

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
1 year ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
CVE-2024-4332 - An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, ...
1 year ago
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
2 years ago Cisa.gov
CVE-2005-4825 - Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain ...
7 years ago
CVE-2009-4332 - db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. Per: ...
15 years ago
CVE-2011-4332 - Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
14 years ago
CVE-2012-4332 - The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK. ...
13 years ago
CVE-2006-4332 - Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. ...
8 years ago
CVE-2007-4332 - SQL injection vulnerability in article.php in Article Dashboard, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action. NOTE: the provenance of this information is ...
8 years ago
CVE-2008-4332 - SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php. ...
8 years ago
CVE-2016-4332 - The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library ...
8 years ago
CVE-2010-4332 - Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. ...
2 years ago
CVE-2005-4332 - Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) ...
7 years ago
CVE-2018-4332 - A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. ...
6 years ago
CVE-2013-4332 - Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) ...
2 years ago
CVE-2021-4332 - The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box ...
2 years ago
CVE-2022-4332 - In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus ...
2 years ago
CVE-2023-4332 - Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file ...
2 years ago
CVE-2015-4332 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none ...
56 years ago Tenable.com
CVE-2017-4332 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
56 years ago Tenable.com
CVE-2025-4332 - A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visitor-detail.php. The manipulation of the argument editid leads to sql ...
10 months ago
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com
The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
2 years ago Securityboulevard.com
CVE-2024-9256 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 year ago Tenable.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)