An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected. 
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2024-05-14T08:09:24.900Z

Updated: 2024-08-02T00:48:49.289Z

Reserved: 2024-03-05T08:10:25.696Z

Link: CVE-2024-28134

cve-icon Vulnrichment

Updated: 2024-08-02T00:48:49.289Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-14T16:16:37.623

Modified: 2024-11-21T09:05:53.260

Link: CVE-2024-28134

cve-icon Redhat

No data.