How severe is CVE-2024-47770?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2024-47770?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2024-47770

MEDIUM Year: 2024

CVSS v3 Score

4.6

Medium

Weakness Type

CWE-269

View all →

Vulnerability Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2019-4589

MEDIUM

CVSS:4.6(Medium)

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.

CWE-2692019

CVE-2025-31282

MEDIUM

CVSS:4.6(Medium)

A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the acc...

CWE-2692025

CVE-2025-31283

MEDIUM

CVSS:4.6(Medium)

A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the accou...

CWE-2692025

CVE-2025-31284

MEDIUM

CVSS:4.6(Medium)

A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account a...

CWE-2692025

CVE-2025-31285

MEDIUM

CVSS:4.6(Medium)

A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the accoun...

CWE-2692025

CVE-2025-31286

MEDIUM

CVSS:4.6(Medium)

An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backe...

CWE-2692025

CVE-2024-47770

Vulnerability Description

Related Vulnerabilities

CVE-2019-4589

CVE-2025-31282

CVE-2025-31283

CVE-2025-31284

CVE-2025-31285

CVE-2025-31286