CVE-2024-3507

HIGH Year: 2024
CVSS v3 Score
7.7
High
Weakness Type
CWE-269
View all →

Vulnerability Description

Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information.

Related Vulnerabilities

CVE-2017-10000

HIGH
CVSS:7.7(High)

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily...

CWE-2692017

CVE-2019-10716

HIGH
CVSS:7.7(High)

An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.

CWE-2692019

CVE-2019-3786

HIGH
CVSS:7.7(High)

Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of...

CWE-2692019

CVE-2020-12528

HIGH
CVSS:7.7(High)

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in t...

CWE-2692020

CVE-2024-44147

HIGH
CVSS:7.7(High)

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.

CWE-2692024

CVE-2024-4545

HIGH
CVSS:7.7(High)

All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. ...

CWE-2692024