CVE-2024-36457

Missing Authentication for Critical Function (CWE-306)

Published: Jul 15, 2024 / Updated: 4mo ago

CVSS 5.3 / EPSS 0.04% / Medium

The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint.

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-36457

Jul 15, 2024 at 2:15 PM

First Article

Feedly found the first article mentioning CVE-2024-36457.

Jul 15, 2024 at 2:21 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jul 15, 2024 at 2:36 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.3%)

Jul 16, 2024 at 9:58 AM

CVSS

A CVSS base score of 5.3 has been assigned.

Oct 28, 2024 at 9:01 PM / nvd

Affected Systems

Apache

Attack Patterns

CAPEC-12: Choosing Message Identifier

News

Broadcom Urges Immediate Patching for Critical Symantec PAM Vulnerabilities
Broadcom, the cybersecurity giant behind Symantec Privileged Access Manager (PAM), has issued a critical security advisory, urging users to apply the latest cumulative hotfix (4.1.7.50) to protect their systems from multiple severe vulnerabilities. These flaws could allow attackers to execute remote commands, bypass authentication, escalate privileges, and exploit various other security weaknesses within the PAM platform.

CVE-2024-36457
Critical Severity. Description: The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. Read more at https://www.tenable.com/cve/CVE-2024-36457

NA - CVE-2024-36457 - The vulnerability allows an attacker to bypass...
The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint.

CVE-2024-36457 | Broadcom Symantec Privileged Access Management up to 3.4.6/4.1.7 PAM Endpoint improper authentication
A vulnerability was found in Broadcom Symantec Privileged Access Management up to 3.4.6/4.1.7. It has been classified as critical. Affected is an unknown function of the component PAM Endpoint. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2024-36457. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-36457 - Apache PAM Authentication Bypass
CVE ID: CVE-2024-36457 Published: July 15, 2024, 2:15 p.m. 20 minutes ago Description: The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. Severity: 0.0 NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVSS V3.1

Unknown
