CVE-2024-48953

Published: Nov 7, 2024Modified: Apr 30, 2025

7.5

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access.

Affected (1)

Products: Logpoint: Siem

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Logpoint Siem	Before 7.5.0

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (3)

https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/

Source: cve@mitre.org

Release Notes

https://servicedesk.logpoint.com/hc/en-us/articles/21968899128221-Authentication-Bypass-using-URL-endpoints-in-the-Authentication-Modules

Source: cve@mitre.org

Vendor Advisory

https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security

Source: cve@mitre.org

Product

Timeline

No history available yet.