Fortra Tripwire Enterprise Authentication Bypass Vulnerability (CVE-2024-4332)

Fortra released a security advisory to address a vulnerability impacting Tripwire Enterprise. Tracked as CVE-2024-4332, the vulnerability has been given a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability could allow remote attackers to gain privileged access to the APIs.

Tripwire Enterprise is a security configuration management (SCM) suite that helps organizations keep their systems configured and compliant with internal and external policies, providing capabilities such as configuration assessment, change identification, policy management, and reporting.

Vulnerability Details

The vulnerability exists in the REST and SOAP API components of Tripwire Enterprise. The vulnerability is only exploitable when Tripwire Enterprise is configured to use LDAP/Active Directory SAML authentication and its optional Auto-synchronize LDAP Users, Roles, and Groups feature is enabled. Successful exploitation may lead to unauthorized information disclosure or modification in some cases.

Affected Versions

The vulnerability impacts Tripwire Enterprise version 9.1.0.

NOTE: The vulnerability does not affect Tripwire ExpertOps.

Mitigation

Customers must upgrade to Tripwire Enterprise 9.1.1 or later to patch the vulnerability.

For more information, please refer to the Fortra Security Advisory (FI-2024-006).

Qualys Detection

Qualys customers can scan their devices with QID 731572 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://www.fortra.com/security/advisory/fi-2024-006
