CVE-2020-7824

MEDIUM Year: 2020
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-267
View all →

Vulnerability Description

A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modification the cookie value to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.

Related Vulnerabilities

CVE-2022-38124

MEDIUM
CVSS:6.5(Medium)

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.

CWE-2672022

CVE-2023-27895

MEDIUM
CVSS:6.5(Medium)

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views...

CWE-2672023

CVE-2023-2983

MEDIUM
CVSS:6.5(Medium)

Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.

CWE-2672023

CVE-2024-20411

MEDIUM
CVSS:6.7(Medium)

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnera...

CWE-2672024

CVE-2019-14865

MEDIUM
CVSS:5.9(Medium)

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be tr...

CWE-2672019

CVE-2021-40354

HIGH
CVSS:7.1(High)

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All vers...

CWE-2672021