How severe is CVE-2024-4332?

This vulnerability has a severity rating of CRITICAL with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-4332?

This is classified as CWE-303, which is a common weakness in software security.

CVE-2024-4332 - CRITICAL Severity | CVSS N/A

Vulnerability Description

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.

Related Vulnerabilities

CVE-2022-20695

CRITICAL

CVSS:10.0(Critical)

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the ...

CWE-3032022

CVE-2018-4841

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device wi...

CWE-3032018

CVE-2021-32691

CRITICAL

CVSS:9.8(Critical)

Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their ba...

CWE-3032021

CVE-2022-20923

CRITICAL

CVSS:9.8(Critical)

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authent...

CWE-3032022

CVE-2023-29129

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix...

CWE-3032023

CVE-2023-29357

CRITICAL

CVSS:9.8(Critical)

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CWE-3032023