CVE-2024-28022
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that
if exploited allows a malicious user to perform an arbitrary number
of authentication attempts using different passwords, and
eventually gain access to the targeted account.
Existe una vulnerabilidad en el servidor/APIGateway de FOXMAN-UN/UNEM que, si se explota, permite a un usuario malintencionado realizar un número arbitrario de intentos de autenticación utilizando diferentes contraseñas y, finalmente, obtener acceso a la cuenta objetivo.
A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of
authentication attempts using different passwords, and eventually
gain access to other components in the same security realm using
the targeted account.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-29 CVE Reserved
- 2024-06-11 CVE Published
- 2024-08-16 EPSS Updated
- 2024-10-29 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hitachi Energy Search vendor "Hitachi Energy" | UNEM Search vendor "Hitachi Energy" for product "UNEM" | 16 Search vendor "Hitachi Energy" for product "UNEM" and version "16" | en |
Affected
| ||||||
| Hitachi Energy Search vendor "Hitachi Energy" | UNEM Search vendor "Hitachi Energy" for product "UNEM" | 15 Search vendor "Hitachi Energy" for product "UNEM" and version "15" | en |
Affected
| ||||||