How severe is CVE-2024-1621?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-1621?

This is classified as CWE-940, which is a common weakness in software security.

CVE-2024-1621 - HIGH Severity | CVSS 7.5

Vulnerability Description

The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or similar are impacted. This vulnerability may allow the attacker to register themselves against a genuine user in the system and allow malicious users with similar access and capabilities via the app to the existing genuine user.

Related Vulnerabilities

CVE-2023-51440

HIGH

CVSS:7.5(High)

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All ve...

CWE-9402023

CVE-2025-25305

HIGH

CVSS:7.0(High)

Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle attacks due to missing SSL certificate v...

CWE-9402025

CVE-2025-23222

HIGH

CVSS:8.4(High)

An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitr...

CWE-9402025

CVE-2023-7004

MEDIUM

CVSS:6.5(Medium)

The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, wh...

CWE-9402023

CVE-2024-40503

MEDIUM

CVSS:6.5(Medium)

An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.

CWE-9402024

CVE-2025-23018

MEDIUM

CVSS:6.5(Medium)

IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exp...

CWE-9402025