CVE-2019-3764

MEDIUM Year: 2019
CVSS v3 Score
5.0
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.

Related Vulnerabilities

CVE-2021-28567

MEDIUM
CVSS:5.0(Medium)

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could...

CWE-2852021

CVE-2017-2632

MEDIUM
CVSS:4.9(Medium)

A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. ...

CWE-2852017

CVE-2022-3740

MEDIUM
CVSS:4.9(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Aut...

CWE-2852022

CVE-2023-32482

MEDIUM
CVSS:4.9(Medium)

Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.

CWE-2852023

CVE-2024-21137

MEDIUM
CVSS:4.9(Medium)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabilit...

CWE-2852024

CVE-2024-21159

MEDIUM
CVSS:4.9(Medium)

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows hi...

CWE-2852024