CVE-2024-45323

LOW Year: 2024
CVSS v3 Score
2.7
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.

Related Vulnerabilities

CVE-2018-20938

LOW
CVSS:2.7(Low)

cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).

CWE-2842018

CVE-2021-46270

LOW
CVSS:2.7(Low)

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.

CWE-2842021

CVE-2022-38377

LOW
CVSS:2.7(Low)

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0...

CWE-2842022

CVE-2023-28372

LOW
CVSS:2.7(Low)

A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.

CWE-2842023

CVE-2023-48303

LOW
CVSS:2.7(Low)

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Ente...

CWE-2842023

CVE-2024-2880

LOW
CVSS:2.7(Low)

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `adm...

CWE-2842024