CVE-2024-10438

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: Oct 28, 2024 / Updated: 23d ago

CVSS 7.5 / EPSS 0.09% / High

The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-10438

Oct 28, 2024 at 3:15 AM
CVSS

A CVSS base score of 7.5 has been assigned.

Oct 28, 2024 at 3:15 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-10438.

Oct 28, 2024 at 3:17 AM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 28, 2024 at 3:18 AM
EPSS

EPSS Score was set to: 0.09% (Percentile: 37.9%)

Oct 28, 2024 at 10:10 AM

Affected Systems

Sun.net/ehdr_ctms

Links to MITRE ATT&CK

T1083: File and Directory Discovery

Attack Patterns

CAPEC-127: Directory Indexing

News

cveNotify: 🚨 CVE-2024-10438 The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities. 🎖 @cveNotify
CVE-2024-10438
High Severity Description The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities. Read more at https://www.tenable.com/cve/CVE-2024-10438
High - CVE-2024-10438 - The eHRD CTMS from Sunnet has an Authentication...
The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain...
CVE-2024-10438 | Sunnet eHRD CTMS up to 10.13 authentication bypass
A vulnerability classified as critical was found in Sunnet eHRD CTMS up to 10.13. This vulnerability affects unknown code. The manipulation leads to authentication bypass using alternate channel. This vulnerability was named CVE-2024-10438. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-10438 - Sunnet eHRD CTMS Authentication Bypass
CVE ID : CVE-2024-10438 Published : Oct. 28, 2024, 3:15 a.m. 22 minutes ago Description : The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities. Severity: 7.5 HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability Impact: None
