CVE-2024-44104

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-290
View all →

Vulnerability Description

An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

Related Vulnerabilities

CVE-2017-8422

HIGH
CVSS:7.8(High)

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

CWE-2902017

CVE-2023-49794

HIGH
CVSS:7.8(High)

KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named `me...

CWE-2902023

CVE-2025-24458

HIGH
CVSS:7.8(High)

In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration

CWE-2902025

CVE-2020-26254

HIGH
CVSS:7.7(High)

omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vul...

CWE-2902020

CVE-2022-4098

HIGH
CVSS:8.0(High)

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in ...

CWE-2902022

CVE-2023-34329

HIGH
CVSS:8.0(High)

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidenti...

CWE-2902023