CVE-2024-45589
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-45589 identifies a vulnerability in RapidIdentity LTS versions up to 2023.0.2 and Cloud versions up to 2024.08.0, which improperly restricts excessive authentication attempts, allowing remote attackers to trigger a denial of service through the username parameters. This vulnerability has a medium severity rating with a CVSS base score of 6.5 and is characterized by low attack complexity and low privileges required for exploitation. Affected organizations may experience significant availability impacts due to potential denial-of-service attacks, compromising the accessibility of their services. To remediate this issue, it is recommended that organizations upgrade to the latest versions of RapidIdentity products as specified in the release notes linked in the references. Failure to address this vulnerability may leave organizations exposed to service interruptions and operational challenges.