CVE-2024-13058

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.

CVSS

No CVSS.

References

Link	Resource
https://advisories.softiron.cloud/

Configurations

No configuration.

History

29 Aug 2025, 19:15

Type	Values Removed	Values Added
Summary		(es) Existe un problema en SoftIron HyperCloud donde los usuarios autenticados, pero que no son administradores, pueden crear grupos de datos, lo que podría afectar potencialmente el rendimiento y la disponibilidad del subsistema de almacenamiento definido por software del backend. Este problema solo afecta a SoftIron HyperCloud y a los productos de software relacionados (como VM Squared) con versiones de software 2.3.0 y anteriores a la 2.5.0.
CWE		CWE-285

30 Dec 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-30 22:15

Updated : 2025-08-29 19:15

NVD link : CVE-2024-13058

Mitre link : CVE-2024-13058

CVE.ORG link : CVE-2024-13058

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

CWE-285

Improper Authorization

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-13058", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "0a72a055-908d-47f5-a16a-1f09049c16c6", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 4.8, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-30T22:15:05.957", "references": [{"url": "https://advisories.softiron.cloud/", "source": "0a72a055-908d-47f5-a16a-1f09049c16c6"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "0a72a055-908d-47f5-a16a-1f09049c16c6", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-285"}, {"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An issue exists in SoftIron HyperCloud\n where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem.\n\nThis issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0."}, {"lang": "es", "value": "Existe un problema en SoftIron HyperCloud donde los usuarios autenticados, pero que no son administradores, pueden crear grupos de datos, lo que podr\u00eda afectar potencialmente el rendimiento y la disponibilidad del subsistema de almacenamiento definido por software del backend. Este problema solo afecta a SoftIron HyperCloud y a los productos de software relacionados (como VM Squared) con versiones de software 2.3.0 y anteriores a la 2.5.0."}], "lastModified": "2025-08-29T19:15:33.497", "sourceIdentifier": "0a72a055-908d-47f5-a16a-1f09049c16c6"}