CVE-2024-42462

Published: Aug 16, 2024Modified: Oct 3, 2025

10.0

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: 80f39f49-2521-4ee7-9e17-af5d55e8032f (Secondary)

Description

Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.

Affected (1)

Products: Upkeeper: Upkeeper Manager

1 product

Upkeeper Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Upkeeper Upkeeper Manager	Before 5.1.10

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

https://support.upkeeper.se/hc/en-us/articles/15432045399452-CVE-2024-42462-Bypass-multifactor-authentication

Source: 80f39f49-2521-4ee7-9e17-af5d55e8032f

Vendor Advisory

Timeline

No history available yet.