CVE-2024-57055

CVSS v3 Score
5.0
Medium

Vulnerability Description

Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client (not the general-use JSON services) and requires reverse engineering of the proprietary serialization protocol, making it difficult to exploit.

CVSS:4.9(Medium)

The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 b...

CVSS:4.9(Medium)

In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords.

CVSS:4.9(Medium)

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the conf...

CVSS:4.9(Medium)

Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommended to update to the current version 6.4.1.1. You can get the update ...

CVSS:4.9(Medium)

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP r...

CVSS:5.1(Medium)

CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a seri...