← Back to CVE List

CVE-2024-4332

Published: 2024-06-03T18:15Z
Last Modified: 2024-11-21T09:42Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt