nvd-json-data-feeds/CVE-2024/CVE-2024-43xx/CVE-2024-4332.json

{
  "id": "CVE-2024-4332",
  "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
  "published": "2024-06-03T18:15:09.060",
  "lastModified": "2024-06-03T19:23:17.807",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional \"Auto-synchronize LDAP Users, Roles, and Groups\" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en los componentes API REST y SOAP de Tripwire Enterprise (TE) 9.1.0 cuando TE est\u00e1 configurado para usar autenticaci\u00f3n SAML LDAP/Active Directory y su opci\u00f3n \"Sincronizar autom\u00e1ticamente usuarios, roles y grupos LDAP\" La funci\u00f3n est\u00e1 habilitada. Esta vulnerabilidad permite a atacantes no autenticados eludir la autenticaci\u00f3n si conocen un nombre de usuario v\u00e1lido. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a atacantes remotos obtener acceso privilegiado a las API y provocar la divulgaci\u00f3n o modificaci\u00f3n no autorizada de informaci\u00f3n."
    }
  ],
  "metrics": {},
  "weaknesses": [
    {
      "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-303"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.fortra.com/security/advisory/fi-2024-006",
      "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"
    }
  ]
}