CVE-2024-42504

Summary

A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard EnterpriseHPE IceWall Agent productsIceWall Federation Agent < 4.0affected
Hewlett Packard EnterpriseHPE IceWall Agent productsIceWall Gen11 Enterprise Edition < 11affected
Hewlett Packard EnterpriseHPE IceWall Agent productsIceWall SSO Agent Option < 10affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References