CVE-2024-0439

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-269
View all →

Vulnerability Description

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.

Related Vulnerabilities

CVE-2017-6767

HIGH
CVSS:7.1(High)

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be ...

CWE-2692017

CVE-2018-0751

HIGH
CVSS:7.1(High)

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of pr...

CWE-2692018

CVE-2018-5839

HIGH
CVSS:7.1(High)

Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon ...

CWE-2692018

CVE-2019-18845

HIGH
CVSS:7.1(High)

The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AU...

CWE-2692019

CVE-2020-0785

HIGH
CVSS:7.1(High)

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.

CWE-2692020

CVE-2020-23362

HIGH
CVSS:7.1(High)

Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter.

CWE-2692020