PT-2024-37093 · Logsign · Logsign Unified Secops Platform
Mdisec +1 · Published 2024-06-12 · Updated 2024-11-24 · CVE-2024-5716
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Logsign Unified SecOps Platform (affected versions not specified)
Description:
The issue is related to an authentication bypass vulnerability in the Logsign Unified SecOps Platform. This vulnerability allows remote attackers to bypass authentication on affected installations. The specific flaw exists within the password reset mechanism, which lacks restriction of excessive authentication attempts. An attacker can leverage this vulnerability to reset a user's password and bypass authentication on the system.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration:
Improper Restriction of Excessive Authentication Attempts
Affected Products:
Logsign Unified Secops Platform