Total
11 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-44106 | 1 Ivanti | 1 Workspace Control | 2024-09-18 | N/A | 7.8 HIGH |
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2024-43188 | 2024-09-18 | N/A | 4.9 MEDIUM | ||
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | |||||
CVE-2024-39870 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-09-09 | N/A | 7.8 HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges. | |||||
CVE-2024-42340 | 1 Cyberark | 1 Identity | 2024-08-30 | N/A | 4.3 MEDIUM |
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | |||||
CVE-2024-6620 | 2024-07-30 | N/A | 3.5 LOW | ||
Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. A(n) attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. Honeywell recommends updating to the most recent version of this firmware, PC42 Printer Firmware Version 20.6 T10.20.060398. | |||||
CVE-2023-48789 | 2024-06-03 | N/A | 4.3 MEDIUM | ||
A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests. | |||||
CVE-2024-32685 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.2.5. | |||||
CVE-2024-32521 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through 5.5.6. | |||||
CVE-2024-32512 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20. | |||||
CVE-2024-31491 | 2024-05-14 | N/A | 8.8 HIGH | ||
A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. | |||||
CVE-2022-1525 | 1 Cognex | 2 3d-a1000 Dimensioning System, 3d-a1000 Dimensioning System Firmware | 2024-02-28 | N/A | 9.1 CRITICAL |
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements. |