CVE-2024-49202

HIGH Year: 2024
CVSS v3 Score
7.6
High
Weakness Type
CWE-276
View all →

Vulnerability Description

Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0.

Related Vulnerabilities

CVE-2019-17334

HIGH
CVSS:7.6(High)

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Sp...

CWE-2762019

CVE-2010-5108

HIGH
CVSS:7.5(High)

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permission...

CWE-2762010

CVE-2012-5577

HIGH
CVSS:7.5(High)

Python keyring lib before 0.10 created keyring files with world-readable permissions.

CWE-2762012

CVE-2017-18668

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June...

CWE-2762017

CVE-2017-18669

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June ...

CWE-2762017

CVE-2017-4975

HIGH
CVSS:7.5(High)

An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the op...

CWE-2762017