CVE-2024-49824

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-602
View all →

Vulnerability Description

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.

Related Vulnerabilities

CVE-2020-27268

MEDIUM
CVSS:6.5(Medium)

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically prox...

CWE-6022020

CVE-2022-3047

MEDIUM
CVSS:6.5(Medium)

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a cra...

CWE-6022022

CVE-2022-3310

MEDIUM
CVSS:6.5(Medium)

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via ...

CWE-6022022

CVE-2023-0704

MEDIUM
CVSS:6.5(Medium)

Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium securit...

CWE-6022023

CVE-2023-20171

MEDIUM
CVSS:6.5(Medium)

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabil...

CWE-6022023

CVE-2023-42787

MEDIUM
CVSS:6.5(Medium)

A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote at...

CWE-6022023