CVE-2024-39875

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-732
View all →

Vulnerability Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships.

Related Vulnerabilities

CVE-2016-11065

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.

CWE-7322016

CVE-2016-11080

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.

CWE-7322016

CVE-2017-18870

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.

CWE-7322017

CVE-2017-18872

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.

CWE-7322017

CVE-2017-18878

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.

CWE-7322017

CVE-2017-18910

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.

CWE-7322017