CVE-2024-22441 - Vulnerability Details - OpenCVE

HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hpe	Cray Parallel Application Launch Service

Configuration 1 [-]

OR	cpe:2.3:o:hpe:cray_parallel_application_launch_service::::::::
	cpe:2.3:o:hpe:cray_parallel_application_launch_service::::::::

No data.

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04653en_us&docLocale=en_US

History

Tue, 25 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 05 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hpe Hpe cray Parallel Application Launch Service
Weaknesses		CWE-287
CPEs		cpe:2.3:o:hpe:cray_parallel_application_launch_service::::::::
Vendors & Products		Hpe Hpe cray Parallel Application Launch Service
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2024-06-13T15:23:19.669Z

Updated: 2025-03-25T16:30:45.476Z

Reserved: 2024-01-10T15:24:39.967Z

Link: CVE-2024-22441

Vulnrichment

Updated: 2024-08-01T22:43:34.897Z

NVD

Status : Modified

Published: 2024-06-13T16:15:10.493

Modified: 2025-03-25T17:15:49.813

Link: CVE-2024-22441

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22441", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2024-01-10T15:24:39.967Z", "datePublished": "2024-06-13T15:23:19.669Z", "dateUpdated": "2025-03-25T16:30:45.476Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass."}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "Cray System Management Software - PALS", "defaultStatus": "unaffected", "versions": [{"version": "1.0.0", "status": "affected", "lessThanOrEqual": "1.3.2", "versionType": "custom"}, {"version": "1.3.0", "status": "affected", "lessThanOrEqual": "1.3.2", "versionType": "custom"}]}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04653en_us&docLocale=en_US"}], "x_generator": {"engine": "cveClient/1.0.15"}, "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2024-06-13T15:25:48.322Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.897Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04653en_us&docLocale=en_US", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22441", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-19T17:14:49.519673Z"}}}, {"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T16:30:45.476Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04653en_us&docLocale=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.897Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22441", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-19T17:14:49.519673Z"}}}, {"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T17:15:03.568Z"}}], "cna": {"affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "Cray System Management Software - PALS", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "custom", "lessThanOrEqual": "1.3.2"}, {"status": "affected", "version": "1.3.0", "versionType": "custom", "lessThanOrEqual": "1.3.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04653en_us&docLocale=en_US"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass."}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2024-06-13T15:25:48.322Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22441", "state": "PUBLISHED", "dateUpdated": "2025-03-25T16:30:45.476Z", "dateReserved": "2024-01-10T15:24:39.967Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2024-06-13T15:23:19.669Z", "assignerShortName": "hpe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:cray_parallel_application_launch_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "50B4198C-41E6-49BC-8664-AF841D38FC3D", "versionEndExcluding": "1.2.14", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:cray_parallel_application_launch_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "91E967BC-8477-43A4-83F3-428AC266AC36", "versionEndExcluding": "1.3.3", "versionStartIncluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass."}, {"lang": "es", "value": "El servicio de lanzamiento de aplicaciones paralelas (PALS) de HPE Cray est\u00e1 sujeto a una omisi\u00f3n de autenticaci\u00f3n."}], "id": "CVE-2024-22441", "lastModified": "2025-03-25T17:15:49.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-13T16:15:10.493", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04653en_us&docLocale=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04653en_us&docLocale=en_US"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}