// For flags

CVE-2024-2244

 

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations.

Anomalía de autenticación del servicio REST con una combinación de credenciales de “nombre de usuario válido/sin contraseña” para el procesamiento de trabajos por lotes, lo que da como resultado una invocación exitosa del servicio. La anomalía no existe con otras combinaciones de credenciales.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-03-07 CVE Reserved
  • 2024-03-27 CVE Published
  • 2024-03-27 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
  • CAPEC-551: Modify Existing Service
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hitachi Energy
Search vendor "Hitachi Energy"
 Asset Suite EAM
Search vendor "Hitachi Energy" for product "Asset Suite EAM"
 >= 9.6.3.0 < 9.6.3.13
Search vendor "Hitachi Energy" for product "Asset Suite EAM" and version " >= 9.6.3.0 < 9.6.3.13"
en
Affected
Hitachi Energy
Search vendor "Hitachi Energy"
 Asset Suite EAM
Search vendor "Hitachi Energy" for product "Asset Suite EAM"
 >= 9.6.4.0 < 9.6.4.1
Search vendor "Hitachi Energy" for product "Asset Suite EAM" and version " >= 9.6.4.0 < 9.6.4.1"
en
Affected