How severe is CVE-2024-41107?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-41107?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2024-41107 - HIGH Severity | CVSS 8.1

Vulnerability Description

The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account. Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.

Related Vulnerabilities

CVE-2017-16897

HIGH

CVSS:8.1(High)

A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate thei...

CWE-2902017

CVE-2020-2002

HIGH

CVSS:8.1(High)

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distri...

CWE-2902020

CVE-2021-31209

HIGH

CVSS:8.1(High)

Microsoft Exchange Server Spoofing Vulnerability

CWE-2902021

CVE-2022-0030

HIGH

CVSS:8.1(High)

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impers...

CWE-2902022

CVE-2022-30319

HIGH

CVSS:8.1(High)

Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected...

CWE-2902022

CVE-2022-32747

HIGH

CVSS:8.1(High)

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the loca...

CWE-2902022