CVE-2024-8535

MEDIUM Year: 2024
Weakness Type
CWE-552
View all →

Vulnerability Description

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources

Related Vulnerabilities

CVE-2024-39931

CRITICAL
CVSS:9.9(Critical)

Gogs through 0.13.0 allows deletion of internal files.

CWE-5522024

CVE-2017-10930

CRITICAL
CVSS:9.8(Critical)

The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information lik...

CWE-5522017

CVE-2017-14942

CRITICAL
CVSS:9.8(Critical)

Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:...

CWE-5522017

CVE-2020-12743

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any other way prevent use of) its own file /setup/install/setup.php, meaning that anyone can request it...

CWE-5522020

CVE-2023-29931

CRITICAL
CVSS:9.8(Critical)

laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.

CWE-5522023

CVE-2023-48710

CRITICAL
CVSS:9.8(Critical)

iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that...

CWE-5522023