216.73.216.86

CVE-2024-46937

· Published 16/09/2024 13:15 · Modified 20/09/2024 16:37

Labels: CVE-2024-46937 2024-09-16CVE-2024-46937CWE-284CWE-639[email protected]

Essential information

Published
16/09/2024 13:15
Modified
20/09/2024 16:37
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without authentication. The is a brute-force attack on the serial parameter by number identifier: GA00001, GA00002, GA00003, etc.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mfasoft / secure authentication server cpe:2.3:a:mfasoft:secure_authentication_server:*:*:*:*:*:*:*:*

References