CVE-2024-8655

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-552
View all →

Vulnerability Description

A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2019-14273

MEDIUM
CVSS:5.3(Medium)

In SilverStripe assets 4.0, there is broken access control on files.

CWE-5522019

CVE-2019-20593

MEDIUM
CVSS:5.3(Medium)

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019).

CWE-5522019

CVE-2019-3897

MEDIUM
CVSS:5.3(Medium)

It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this ...

CWE-5522019

CVE-2020-10105

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an att...

CWE-5522020

CVE-2020-13953

MEDIUM
CVSS:5.3(Medium)

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

CWE-5522020

CVE-2021-33843

MEDIUM
CVSS:5.3(Medium)

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values su...

CWE-5522021