How severe is CVE-2024-21985?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2024-21985?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2024-21985 - HIGH Severity | CVSS 7.6

Vulnerability Description

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS).

Related Vulnerabilities

CVE-2017-7922

HIGH

CVSS:7.6(High)

An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sen...

CWE-2692017

CVE-2020-11466

HIGH

CVSS:7.6(High)

An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk ...

CWE-2692020

CVE-2020-7467

HIGH

CVSS:7.6(High)

In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on ho...

CWE-2692020

CVE-2021-28702

HIGH

CVSS:7.6(High)

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically ...

CWE-2692021

CVE-2023-23990

HIGH

CVSS:7.6(High)

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a throu...

CWE-2692023

CVE-2024-12511

HIGH

CVSS:7.6(High)

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

CWE-2692024