CVE-2024-38646

HIGH Year: 2024
Weakness Type
CWE-732
View all →

Vulnerability Description

An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later

Related Vulnerabilities

CVE-2025-21520

LOW
CVSS:1.8(Low)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exp...

CWE-7322025

CVE-2021-33509

CRITICAL
CVSS:9.9(Critical)

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.

CWE-7322021

CVE-2023-40622

CRITICAL
CVSS:9.9(Critical)

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise...

CWE-7322023

CVE-2024-5618

CRITICAL
CVSS:9.9(Critical)

Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs.This issue affe...

CWE-7322024

CVE-2025-0066

CRITICAL
CVSS:9.9(Critical)

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a...

CWE-7322025

CVE-2011-3923

CRITICAL
CVSS:9.8(Critical)

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

CWE-7322011