How severe is CVE-2022-24047?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-24047?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2022-24047 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618.

Related Vulnerabilities

CVE-2018-19000

MEDIUM

CVSS:5.3(Medium)

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.

CWE-2882018

CVE-2024-1525

MEDIUM

CVSS:5.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Unde...

CWE-2882024

CVE-2024-33939

MEDIUM

CVSS:5.3(Medium)

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3.

CWE-2882024

CVE-2024-46887

MEDIUM

CVSS:5.3(Medium)

The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge a...

CWE-2882024

CVE-2024-50334

HIGH

CVSS:5.3(Medium)

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass a...

CWE-2882024

CVE-2025-26700

MEDIUM

CVSS:5.2(Medium)

Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where ...

CWE-2882025