PT-2024-28931 · One Identity · One Identity Safeguard for Privileged Sessions (SPS) On Premise

Published: 2024-10-24 · Updated: 2024-10-25 · CVE-2024-40595

CVSS v3.1: 5.3 (Medium)

Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

One Identity Safeguard for Privileged Sessions (SPS) On Premise versions prior to 7.5.1

One Identity Safeguard for Privileged Sessions (SPS) On Premise LTS versions prior to 7.0.5.1

Description

An authentication-bypass issue in the RDP component allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol information.

Recommendations

For One Identity Safeguard for Privileged Sessions (SPS) On Premise versions prior to 7.5.1, update to version 7.5.1 or later.

For One Identity Safeguard for Privileged Sessions (SPS) On Premise LTS versions prior to 7.0.5.1, update to version 7.0.5.1 or later.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2024-40595

Affected Products

One Identity Safeguard for Privileged Sessions (SPS) On Premise