How severe is CVE-2024-11049?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-11049?

This is classified as CWE-425, which is a common weakness in software security.

CVE-2024-11049 - MEDIUM Severity | CVSS 3.7

Vulnerability Description

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2017-2161

LOW

CVSS:3.5(Low)

FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access res...

CWE-4252017

CVE-2018-11346

MEDIUM

CVSS:4.3(Medium)

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitraril...

CWE-4252018

CVE-2018-19620

MEDIUM

CVSS:4.3(Medium)

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.

CWE-4252018

CVE-2019-1220

MEDIUM

CVSS:4.3(Medium)

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerab...

CWE-4252019

CVE-2019-16386

MEDIUM

CVSS:4.3(Medium)

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database...

CWE-4252019

CVE-2019-16388

MEDIUM

CVSS:4.3(Medium)

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NO...

CWE-4252019