How severe is CVE-2024-41432?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-41432?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2024-41432 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc.

Related Vulnerabilities

CVE-2019-0388

MEDIUM

CVSS:5.3(Medium)

SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.

CWE-2902019

CVE-2019-18659

MEDIUM

CVSS:5.3(Medium)

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE Sy...

CWE-2902019

CVE-2019-20203

MEDIUM

CVSS:5.3(Medium)

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.

CWE-2902019

CVE-2020-10136

MEDIUM

CVSS:5.3(Medium)

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected beha...

CWE-2902020

CVE-2020-10807

MEDIUM

CVSS:5.3(Medium)

auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.

CWE-2902020

CVE-2020-12272

MEDIUM

CVSS:5.3(Medium)

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing...

CWE-2902020