CVE-2024-46887

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-288
View all →

Vulnerability Description

The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.

Related Vulnerabilities

CVE-2018-19000

MEDIUM
CVSS:5.3(Medium)

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.

CWE-2882018

CVE-2022-24047

MEDIUM
CVSS:5.3(Medium)

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific ...

CWE-2882022

CVE-2024-1525

MEDIUM
CVSS:5.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Unde...

CWE-2882024

CVE-2024-33939

MEDIUM
CVSS:5.3(Medium)

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3.

CWE-2882024

CVE-2024-50334

HIGH
CVSS:5.3(Medium)

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass a...

CWE-2882024

CVE-2025-26700

MEDIUM
CVSS:5.2(Medium)

Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where ...

CWE-2882025