CVE-2024-22272

MEDIUM Year: 2024
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-862
View all →

Vulnerability Description

VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own organization's scope.

Related Vulnerabilities

CVE-2021-32503

MEDIUM
CVSS:4.9(Medium)

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch fur...

CWE-8622021

CVE-2022-23621

MEDIUM
CVSS:4.9(Medium)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for...

CWE-8622022

CVE-2022-41929

MEDIUM
CVSS:4.9(Medium)

org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This o...

CWE-8622022

CVE-2025-30861

MEDIUM
CVSS:4.9(Medium)

Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Res...

CWE-8622025

CVE-2025-47465

MEDIUM
CVSS:4.9(Medium)

Missing Authorization vulnerability in CreativeThemes Blocksy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blocksy: from n/a through 2.0.97.

CWE-8622025

CVE-2022-20394

MEDIUM
CVSS:5.0(Medium)

In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to lo...

CWE-8622022