CVE Vulnerabilities

CVE-2024-34399

Improper Authentication

Published: Sep 18, 2024 | Modified: Sep 20, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

UNSUPPORTED WHEN ASSIGNED An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version for this vulnerability is 7.6.04 only.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Potential Mitigations

References