CVE-2024-48950

Published: Nov 7, 2024Modified: Apr 18, 2025

7.5

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.

Affected (1)

Products: Logpoint: Siem

Logpoint

1 product

Siem

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Logpoint Siem	Before 7.5.0

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (3)

https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/

Source: cve@mitre.org

Release Notes

https://servicedesk.logpoint.com/hc/en-us/articles/21968264954525-Authentication-and-CSRF-bypass-leading-to-unauthorized-access

Source: cve@mitre.org

Vendor Advisory

https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security

Source: cve@mitre.org

Product

Timeline

No history available yet.