CVE-2024-9412

HIGH Year: 2024
Weakness Type
CWE-842
View all →

Vulnerability Description

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.

Related Vulnerabilities

CVE-2022-45097

HIGH
CVSS:8.8(High)

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of priv...

CWE-8422022

CVE-2022-3650

HIGH
CVSS:7.8(High)

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

CWE-8422022

CVE-2022-31007

HIGH
CVSS:7.2(High)

eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system admi...

CWE-8422022

CVE-2022-2989

HIGH
CVSS:7.1(High)

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to th...

CWE-8422022

CVE-2022-2990

HIGH
CVSS:7.1(High)

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to t...

CWE-8422022

CVE-2023-25575

MEDIUM
CVSS:6.5(Medium)

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\Metadata\ApiProperty` attribute can b...

CWE-8422023