CVE-2017-14013

MEDIUM Year: 2017
CVSS v3 Score
5.6
Medium
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-602
View all →

Vulnerability Description

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.

Related Vulnerabilities

CVE-2023-3747

MEDIUM
CVSS:5.5(Medium)

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disc...

CWE-6022023

CVE-2020-5345

MEDIUM
CVSS:5.4(Medium)

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass v...

CWE-6022020

CVE-2023-30955

MEDIUM
CVSS:5.4(Medium)

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient pr...

CWE-6022023

CVE-2024-32512

MEDIUM
CVSS:5.3(Medium)

Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20.

CWE-6022024

CVE-2024-32521

MEDIUM
CVSS:5.3(Medium)

Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through 5.5.6.

CWE-6022024

CVE-2024-32685

MEDIUM
CVSS:5.3(Medium)

Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.2.5.

CWE-6022024