CVE-2024-48953

Severity CVSS v4.0:
Pending analysis
Type:
CWE-306 Missing Authentication for Critical Function
Publication date:
07/11/2024
Last modified:
30/04/2025

Description

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:* 7.5.0 (excluding)