sso-single-sign-on
Fixed in
1.1
CVE-2024-4228 describes a critical SQL Injection vulnerability discovered in Magarsus Consultancy SSO. This flaw allows attackers to potentially extract sensitive information from the database. The vulnerability affects versions 1.0 through 1.1 of the SSO software. A patch is available in version 1.1.
The SQL Injection vulnerability in Magarsus Consultancy SSO poses a significant risk to organizations using this software. An attacker could exploit this flaw to bypass authentication mechanisms and gain unauthorized access to the underlying database. This could lead to the exfiltration of sensitive data, including user credentials, configuration details, and potentially other confidential information. Successful exploitation could also allow for modification or deletion of data within the database, leading to disruption of services and potential data loss. The impact is particularly severe given the critical CVSS score of 9.8, indicating a high likelihood of exploitation and significant potential damage.
CVE-2024-4228 was publicly disclosed on 2024-06-26. As of this date, there are no publicly known proof-of-concept exploits available. The vulnerability is listed in the NVD and in CISA advisories. The EPSS score is likely to be assessed as medium to high due to the critical CVSS score and the potential for significant data exfiltration.
Organizations utilizing Magarsus Consultancy SSO versions 1.0 and 1.1, particularly those with sensitive data stored in the SSO database, are at significant risk. Shared hosting environments where multiple users share the same SSO instance are also particularly vulnerable.
disclosure
Exploit Status
EPSS
0.21% (43rd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-4228 is to immediately upgrade to version 1.1 of Magarsus Consultancy SSO, which contains the fix. If upgrading is not immediately feasible, consider implementing temporary workarounds such as input validation and parameterized queries to reduce the attack surface. While not a complete solution, these measures can help to prevent exploitation. Review and restrict database user permissions to limit the potential impact of a successful attack. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection attack on the affected endpoints and verifying that the input is properly sanitized.
Upgrade Magarsus Consultancy SSO to version 1.1 or later. This version contains the fix for the SQL injection vulnerability. See the vendor's security advisory for more details on the upgrade.
CVE-2024-4228 is a critical SQL Injection vulnerability affecting Magarsus Consultancy SSO versions 1.0 through 1.1, allowing attackers to potentially extract sensitive data.
If you are using Magarsus Consultancy SSO version 1.0 or 1.1, you are affected by this vulnerability and should upgrade immediately.
The recommended fix is to upgrade to version 1.1 of Magarsus Consultancy SSO. Implement temporary workarounds like input validation if immediate upgrade is not possible.
As of the current date, there are no publicly known active exploitation campaigns, but the critical severity warrants immediate attention and remediation.
Refer to the Magarsus Consultancy website and relevant security advisories for the official advisory regarding CVE-2024-4228.