CVE-2024-51559

HIGH Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-639
View all →

Vulnerability Description

This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts.

Related Vulnerabilities

CVE-2018-16606

MEDIUM
CVSS:6.5(Medium)

In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Org...

CWE-6392018

CVE-2019-12252

MEDIUM
CVSS:6.5(Medium)

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&not...

CWE-6392019

CVE-2019-14245

MEDIUM
CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.

CWE-6392019

CVE-2019-14246

MEDIUM
CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.

CWE-6392019

CVE-2019-14721

MEDIUM
CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.

CWE-6392019

CVE-2019-15815

MEDIUM
CVSS:6.5(Medium)

ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privi...

CWE-6392019