CVE-2024-33500

CVSS v3 Score
5.9
Medium

Vulnerability Description

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires guessing the id of a target role that contains the elevated access rights.

CVSS:5.9(Medium)

An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have i...

CVSS:5.9(Medium)

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Auth...

CVSS:5.9(Medium)

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. ...

CVSS:5.9(Medium)

An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port.

CVSS:5.9(Medium)

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation. This issue affects MOVEit Transfer: from 2023....

CVSS:6.0(Medium)

Configuration of SPI Flash in platforms based on multiple Intel platforms allows a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service.