How severe is CVE-2024-2321?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2024-2321?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-2321

MEDIUM Year: 2024

CVSS v3 Score

5.6

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potentially enabling unauthorized operations. Exploitation requires an attacker to obtain a valid refresh token of an admin user. Since refresh tokens generally have a longer expiration time, this could lead to prolonged unauthorized access to API resources, impacting data confidentiality and integrity.

CVE-2021-3499

MEDIUM

CVSS:5.6(Medium)

A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to po...

CWE-8632021

CVE-2017-8216

MEDIUM

CVSS:5.5(Medium)

Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization on...

CWE-8632017

CVE-2018-11142

MEDIUM

CVSS:5.5(Medium)

The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypas...

CWE-8632018

CVE-2018-16597

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

CWE-8632018

CVE-2018-18397

MEDIUM

CVSS:5.5(Medium)

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs ...

CWE-8632018

CVE-2019-1289

MEDIUM

CVSS:5.5(Medium)

An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Pr...

CWE-8632019

CVE-2024-2321

Vulnerability Description

Related Vulnerabilities

CVE-2021-3499

CVE-2017-8216

CVE-2018-11142

CVE-2018-16597

CVE-2018-18397

CVE-2019-1289