How severe is CVE-2024-7096?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2024-7096?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-7096

MEDIUM Year: 2024

CVSS v3 Score

4.2

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP admin services are accessible to the attacker. * The deployment includes an internally used attribute that is not part of the default WSO2 product configuration. * At least one custom role exists with non-default permissions. * The attacker has knowledge of the custom role and the internal attribute used in the deployment. Exploiting this vulnerability allows malicious actors to assign higher privileges to self-registered users, bypassing intended access control mechanisms.

CVE-2017-8196

MEDIUM

CVSS:4.2(Medium)

FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby queryin...

CWE-8632017

CVE-2018-0803

MEDIUM

CVSS:4.2(Medium)

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Micr...

CWE-8632018

CVE-2020-15248

MEDIUM

CVSS:4.2(Medium)

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" ...

CWE-8632020

CVE-2021-33881

MEDIUM

CVSS:4.2(Medium)

On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends ...

CWE-8632021

CVE-2024-23823

MEDIUM

CVSS:4.2(Medium)

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on C...

CWE-8632024

CVE-2025-21553

MEDIUM

CVSS:4.2(Medium)

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privilege...

CWE-8632025

CVE-2024-7096

Vulnerability Description

Related Vulnerabilities

CVE-2017-8196

CVE-2018-0803

CVE-2020-15248

CVE-2021-33881

CVE-2024-23823

CVE-2025-21553