Lucene search

[email protected]NVD:CVE-2024-28022

HistoryJun 11, 2024 - 7:16 p.m.

CVE-2024-28022

2024-06-1119:16:06

CWE-307

[email protected]

web.nvd.nist.gov

vulnerability

foxman-un

unem

apigateway

malicious access

authentication

exploited

CVSS3

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

17.7%

JSON

A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that
if exploited allows a malicious user to perform an arbitrary number
of authentication attempts using different passwords, and
eventually gain access to the targeted account.

Affected configurations

Nvd

Node

hitachienergyfoxman-unMatchr15a

hitachienergyfoxman-unMatchr15b

hitachienergyfoxman-unMatchr16a

hitachienergyfoxman-unMatchr16b

hitachienergyunemMatchr15a

hitachienergyunemMatchr15b

hitachienergyunemMatchr16a

hitachienergyunemMatchr16b

VendorProductVersionCPE
hitachienergyfoxman-unr15acpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*
hitachienergyfoxman-unr15bcpe:2.3:a:hitachienergy:foxman-un:r15b:*:*:*:*:*:*:*
hitachienergyfoxman-unr16acpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*
hitachienergyfoxman-unr16bcpe:2.3:a:hitachienergy:foxman-un:r16b:*:*:*:*:*:*:*
hitachienergyunemr15acpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
hitachienergyunemr15bcpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
hitachienergyunemr16acpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*
hitachienergyunemr16bcpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachienergy	foxman-un	r15a	cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::*
hitachienergy	foxman-un	r15b	cpe:2.3:a:hitachienergy:foxman-un:r15b:::::::*
hitachienergy	foxman-un	r16a	cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::*
hitachienergy	foxman-un	r16b	cpe:2.3:a:hitachienergy:foxman-un:r16b:::::::*
hitachienergy	unem	r15a	cpe:2.3:a:hitachienergy:unem:r15a:::::::*
hitachienergy	unem	r15b	cpe:2.3:a:hitachienergy:unem:r15b:::::::*
hitachienergy	unem	r16a	cpe:2.3:a:hitachienergy:unem:r16a:::::::*
hitachienergy	unem	r16b	cpe:2.3:a:hitachienergy:unem:r16b:::::::*

References

publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true

publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

CVSS3

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-28022

vulnrichment1 cve1 cvelist1