PT-2024-31680 · Unknown · Bravura Security Fabric
Published: 2024-09-18 · Updated: 2024-09-20 · CVE-2024-45523
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Bravura Security Fabric versions 12.3.x through 12.3.5.32783
Bravura Security Fabric versions 12.4.x through 12.4.3.35109
Bravura Security Fabric versions 12.5.x through 12.5.2.35949
Bravura Security Fabric versions 12.6.x through 12.6.2.37182
Bravura Security Fabric versions 12.7.x through 12.7.1.38240
Description:
An issue was discovered that allows an unauthenticated attacker to cause a resource leak by issuing multiple failed login attempts through the API SOAP endpoint.
Recommendations:
For versions 12.3.x through 12.3.5.32783, update to version 12.3.5.32784 or later.
For versions 12.4.x through 12.4.3.35109, update to version 12.4.3.35110 or later.
For versions 12.5.x through 12.5.2.35949, update to version 12.5.2.35950 or later.
For versions 12.6.x through 12.6.2.37182, update to version 12.6.2.37183 or later.
For versions 12.7.x through 12.7.1.38240, update to version 12.7.1.38241 or later.
Fix
Improper Restriction of Excessive Authentication Attempts
Weakness Enumeration
Related Identifiers
Affected Products
Bravura Security Fabric