CVE-2024-26139

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-284
View all →

Vulnerability Description

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.

Related Vulnerabilities

CVE-2014-3120

HIGH
CVSS:8.1(High)

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. ...

CWE-2842014

CVE-2015-7887

HIGH
CVSS:8.1(High)

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.

CWE-2842015

CVE-2016-0304

HIGH
CVSS:8.1(High)

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass a...

CWE-2842016

CVE-2016-10030

HIGH
CVSS:8.1(High)

The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on...

CWE-2842016

CVE-2016-10417

HIGH
CVSS:8.1(High)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, M...

CWE-2842016

CVE-2016-10830

HIGH
CVSS:8.1(High)

cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).

CWE-2842016