CVE-2024-46607

HIGH Year: 2024
CVSS v3 Score
7.6
High
Weakness Type
CWE-284
View all →

Vulnerability Description

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.

Related Vulnerabilities

CVE-2016-5536

HIGH
CVSS:7.6(High)

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidential...

CWE-2842016

CVE-2016-5562

HIGH
CVSS:7.6(High)

Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality an...

CWE-2842016

CVE-2016-8281

HIGH
CVSS:7.6(High)

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidential...

CWE-2842016

CVE-2016-8296

HIGH
CVSS:7.6(High)

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via v...

CWE-2842016

CVE-2016-8529

HIGH
CVSS:7.6(High)

A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in L...

CWE-2842016

CVE-2021-38392

HIGH
CVSS:7.6(High)

A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program ...

CWE-2842021