Vulnerability Description: Improper Authentication - CWE-287
Software Version: 7.6.04
NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-34399
CVSS:
Severity:
Credits: Gabriele Duchi, Marco Ventura, Giulio Pellegrini, Massimiliano Brolli
** UNSUPPORTED WHEN ASSIGNED **
An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version for this vulnerability is 7.6.04 only.
Security Impact
By exploiting this vulnerability, an unauthenticated remote attacker can access any user account without using any password.