CVE-2024-2244 MEDIUM

Published: 2024-03-27 | Last Modified: 2026-04-15 | Status: Deferred

Description

REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations.

Additional Descriptions (1)

Anomalía de autenticación del servicio REST con una combinación de credenciales de “nombre de usuario válido/sin contraseña” para el procesamiento de trabajos por lotes, lo que da como resultado una invocación exitosa del servicio. La anomalía no existe con otras combinaciones de credenciales.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	LOW
Availability Impact	NONE

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 1.4

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-287

References

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000195&languageCode=en&Preview=true
Source: [email protected]
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000195&languageCode=en&Preview=true
Source: af854a3a-2127-422b-91ae-364da2661108