How severe is CVE-2024-3202?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-3202?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2024-3202 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in codelyfe Stupid Simple CMS 1.2.4. This issue affects some unknown processing of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-259049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2019-4068

MEDIUM

CVSS:5.9(Medium)

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.

CWE-3072019

CVE-2021-20415

MEDIUM

CVSS:5.9(Medium)

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.

CWE-3072021

CVE-2021-38890

MEDIUM

CVSS:5.9(Medium)

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.

CWE-3072021

CVE-2022-22485

MEDIUM

CVSS:5.9(Medium)

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the...

CWE-3072022

CVE-2022-22487

MEDIUM

CVSS:5.9(Medium)

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. ...

CWE-3072022

CVE-2014-2875

MEDIUM

CVSS:6.1(Medium)

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOT...

CWE-3072014