CVE Vulnerabilities

CVE-2024-5322

Authentication Bypass Using an Alternate Path or Channel

Published: Jul 01, 2024 | Modified: Sep 08, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass.

This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.

Weakness

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name Vendor Start Version End Version
N-central N-able * 2024.3 (excluding)

Potential Mitigations

References