CVE-2024-8040

HIGH Year: 2024
CVSS v3 Score
7.7
High
Weakness Type
CWE-639
View all →

Vulnerability Description

An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.

Related Vulnerabilities

CVE-2019-9921

HIGH
CVSS:7.7(High)

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user.

CWE-6392019

CVE-2020-8154

HIGH
CVSS:7.7(High)

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.

CWE-6392020

CVE-2023-3285

HIGH
CVSS:7.7(High)

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.

CWE-6392023

CVE-2025-2271

HIGH
CVSS:7.7(High)

A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in...

CWE-6392025

CVE-2022-46179

HIGH
CVSS:7.8(High)

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anyth...

CWE-6392022

CVE-2023-21131

HIGH
CVSS:7.8(High)

In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of ...

CWE-6392023