CVE-2024-2244 MEDIUM

CVE-2024-2244

Vendor Hitachi Energy
Product Asset Suite EAM
Weakness CWE-287 · Improper authentication
Published March 27, 2024
Last update August 6, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations.

Key dates

02Disclosure timeline

March 27, 2024 CVE published
August 6, 2024 Record updated