Security News > 2024 > September > Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to the virtual appliance. “Once an attacker has gained an authenticated administrative session on the appliance, they can carry out any action that a legitimate administrator user would be capable of. This includes the ability to reconfigure settings on the appliance, or modify policies to allow … More → The post Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/19/cve-2024-45488/
Related news
- Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) (source)
- Ivanti warns of critical vTM auth bypass with public exploit (source)
- Critical SAP flaw allows remote attackers to bypass authentication (source)
- Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) (source)
- SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software (source)
- GitHub Enterprise Server vulnerable to critical auth bypass flaw (source)
- You probably want to patch this critical GitHub Enterprise Server bug now (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-30 | CVE-2024-45488 | One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. | 0.0 |