{"cve":{"cve_id":"CVE-2024-2005","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00453,"epss_percentile":0.35968,"epss_as_of":"2026-06-23","description":"\nIn Blue PlanetĀ® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue PlanetĀ® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n","published_at":"2024-03-05T18:54:00.839000Z","last_modified_at":null,"cvss_v3_score":9.0,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-269"],"nvd_references":["https://www.ciena.com/product-security"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:56:44.112925Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"inventory-bpi","product_name":"Inventory (BPI)","version_start":" early versions ","version_start_inclusive":true,"version_end":" 22.12","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:inventory-bpi: early versions : 22.12"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"inventory-bpi","product_name":"Inventory (BPI)","version_start":" 21.10 MR11","version_start_inclusive":true,"version_end":" 21.10 MR11","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:inventory-bpi: 21.10 MR11: 21.10 MR11"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"inventory-bpi","product_name":"Inventory (BPI)","version_start":" 22.02 MR5","version_start_inclusive":true,"version_end":" 22.02 MR5","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:inventory-bpi: 22.02 MR5: 22.02 MR5"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"inventory-bpi","product_name":"Inventory (BPI)","version_start":" 22.08 MR4","version_start_inclusive":true,"version_end":" 22.08 MR4","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:inventory-bpi: 22.08 MR4: 22.08 MR4"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"orchestration-bpo","product_name":"Orchestration (BPO)","version_start":" early versions ","version_start_inclusive":true,"version_end":" 22.12","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:orchestration-bpo: early versions : 22.12"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"orchestration-bpo","product_name":"Orchestration (BPO)","version_start":" 22.02.03","version_start_inclusive":true,"version_end":" 22.02.03","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:orchestration-bpo: 22.02.03: 22.02.03"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"orchestration-bpo","product_name":"Orchestration (BPO)","version_start":" 22.08.05","version_start_inclusive":true,"version_end":" 22.08.05","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:orchestration-bpo: 22.08.05: 22.08.05"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"orchestration-bpo","product_name":"Orchestration (BPO)","version_start":" 22.12.02","version_start_inclusive":true,"version_end":" 22.12.02","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:orchestration-bpo: 22.12.02: 22.12.02"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"route-optimization-and-analysis-roa","product_name":"Route Optimization and Analysis (ROA)","version_start":" early versions ","version_start_inclusive":true,"version_end":" 22.12","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:route-optimization-and-analysis-roa: early versions : 22.12"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"route-optimization-and-analysis-roa","product_name":"Route Optimization and Analysis (ROA)","version_start":" 22.02.P01.11-R","version_start_inclusive":true,"version_end":" 22.02.P01.11-R","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:route-optimization-and-analysis-roa: 22.02.P01.11-R: 22.02.P01.11-R"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"route-optimization-and-analysis-roa","product_name":"Route Optimization and Analysis (ROA)","version_start":" 22.08.P01.1-R","version_start_inclusive":true,"version_end":" 22.08.P01.1-R","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:route-optimization-and-analysis-roa: 22.08.P01.1-R: 22.08.P01.1-R"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"route-optimization-and-analysis-roa","product_name":"Route Optimization and Analysis (ROA)","version_start":" 22.12.P01.2.1-R","version_start_inclusive":true,"version_end":" 22.12.P01.2.1-R","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:route-optimization-and-analysis-roa: 22.12.P01.2.1-R: 22.12.P01.2.1-R"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"unified-assurance-and-analytics-uaa","product_name":"Unified Assurance and Analytics (UAA)","version_start":" early versions ","version_start_inclusive":true,"version_end":" 22.12","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:unified-assurance-and-analytics-uaa: early versions : 22.12"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"unified-assurance-and-analytics-uaa","product_name":"Unified Assurance and Analytics (UAA)","version_start":" 22.02 MR5","version_start_inclusive":true,"version_end":" 22.02 MR5","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:unified-assurance-and-analytics-uaa: 22.02 MR5: 22.02 MR5"},{"vendor_slug":"blue-planet","vendor_name":"Blue Planet","product_slug":"unified-assurance-and-analytics-uaa","product_name":"Unified Assurance and Analytics (UAA)","version_start":" 22.12 MR2","version_start_inclusive":true,"version_end":" 22.12 MR2","version_end_inclusive":true,"cpe23_uri":"cve5:blue-planet:unified-assurance-and-analytics-uaa: 22.12 MR2: 22.12 MR2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.ciena.com/product-security","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-03-05T18:54:00.839000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:35:03.990182Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:35:03.990182Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:35:03.990182Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:56:44.112925Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:56:44.112925Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:56:44.112925Z","label":"SSVC decision revised","source":"vulnrichment"}]}