CVE-2024-40595

EUVD-2024-38531
An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
oneidentitysafeguard_for_privileged_sessions
𝑥
< 7.5.1
ADP
oneidentitysafeguard_for_privileged_sessions
𝑥
< 7.0.5.1_lts
ADP
Common Weakness Enumeration
References
https://support.oneidentity.com/kb/4376565/cve-2024-40595-authentication-bypass-vulnerability