An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol information.
History

Thu, 24 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Oneidentity
Oneidentity safeguard For Privileged Sessions
Weaknesses CWE-319
CPEs cpe:2.3:a:oneidentity:safeguard_for_privileged_sessions:*:*:*:*:*:*:*:*
Vendors & Products Oneidentity
Oneidentity safeguard For Privileged Sessions
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 24 Oct 2024 05:30:00 +0000

Type Values Removed Values Added
Description An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol information.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-10-24T00:00:00

Updated: 2024-10-24T14:14:18.812Z

Reserved: 2024-07-06T00:00:00

Link: CVE-2024-40595

cve-icon Vulnrichment

Updated: 2024-10-24T14:14:10.225Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-24T06:15:11.703

Modified: 2024-10-25T12:56:07.750

Link: CVE-2024-40595

cve-icon Redhat

No data.