How severe is CVE-2024-4465?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2024-4465?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-4465 - MEDIUM Severity | CVSS 5

Vulnerability Description

An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. This could result in a partial loss of data integrity. In Guardian/CMC instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as the reports may not reach their intended destination, and there could also be limited information disclosure impacts. Furthermore, modifying the destination SMTP server for the reports could lead to the compromise of external credentials, as they might be sent to an unauthorized server. This could expand the scope of the attack.

Related Vulnerabilities

CVE-2019-14832

MEDIUM

CVSS:5.0(Medium)

A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could u...

CWE-8632019

CVE-2023-25043

MEDIUM

CVSS:5.0(Medium)

Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data Tables Generator: from n/a through 1.10.25.

CWE-8632023

CVE-2024-48936

MEDIUM

CVSS:5.0(Medium)

SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs...

CWE-8632024

CVE-2017-6816

MEDIUM

CVSS:4.9(Medium)

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

CWE-8632017

CVE-2020-15120

MEDIUM

CVSS:4.9(Medium)

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be fur...

CWE-8632020

CVE-2020-26028

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.

CWE-8632020