CVE-2024-46894

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.

Related Vulnerabilities

CVE-2015-6918

MEDIUM
CVSS:6.3(Medium)

salt before 2015.5.5 leaks git usernames and passwords to the log.

CWE-2002015

CVE-2016-0899

MEDIUM
CVSS:6.3(Medium)

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Cont...

CWE-2002016

CVE-2017-6786

MEDIUM
CVSS:6.3(Medium)

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affect...

CWE-2002017

CVE-2018-18073

MEDIUM
CVSS:6.3(Medium)

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.

CWE-2002018

CVE-2019-4140

MEDIUM
CVSS:6.3(Medium)

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.

CWE-2002019

CVE-2020-10195

MEDIUM
CVSS:6.3(Medium)

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php...

CWE-2002020