How severe is CVE-2024-38040?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-38040?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2024-38040

HIGH Year: 2024

CVSS v3 Score

7.5

High

Weakness Type

CWE-73

View all →

Vulnerability Description

There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files.

CVE-2018-14820

HIGH

CVSS:7.5(High)

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

CWE-732018

CVE-2018-7495

HIGH

CVSS:7.5(High)

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce...

CWE-732018

CVE-2021-21343

HIGH

CVSS:7.5(High)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type informat...

CWE-732021

CVE-2021-3845

HIGH

CVSS:7.5(High)

ws-scrcpy is vulnerable to External Control of File Name or Path

CWE-732021

CVE-2022-42732

HIGH

CVSS:7.5(High)

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could...

CWE-732022

CVE-2022-42733

HIGH

CVSS:7.5(High)

CWE-732022

CVE-2024-38040

Vulnerability Description

Related Vulnerabilities

CVE-2018-14820

CVE-2018-7495

CVE-2021-21343

CVE-2021-3845

CVE-2022-42732

CVE-2022-42733