CVE-2024-35122

LOW Year: 2024
CVSS v3 Score
2.8
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.

Related Vulnerabilities

CVE-2015-7494

LOW
CVSS:2.8(Low)

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API c...

CWE-2842015

CVE-2016-5551

LOW
CVSS:2.8(Low)

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerabili...

CWE-2842016

CVE-2018-20938

LOW
CVSS:2.7(Low)

cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).

CWE-2842018

CVE-2021-46270

LOW
CVSS:2.7(Low)

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.

CWE-2842021

CVE-2022-38377

LOW
CVSS:2.7(Low)

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0...

CWE-2842022

CVE-2023-28372

LOW
CVSS:2.7(Low)

A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.

CWE-2842023