CVE-2024-11220

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-279
View all →

Vulnerability Description

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.

Related Vulnerabilities

CVE-2023-4383

HIGH
CVSS:7.8(High)

A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect exe...

CWE-2792023

CVE-2025-22843

HIGH
CVSS:7.8(High)

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local a...

CWE-2792025

CVE-2023-3915

HIGH
CVSS:7.2(High)

An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an e...

CWE-2792023

CVE-2023-4665

HIGH
CVSS:8.8(High)

Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.

CWE-2792023

CVE-2023-50914

MEDIUM
CVSS:6.7(Medium)

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directorie...

CWE-2792023

CVE-2024-37025

MEDIUM
CVSS:6.7(Medium)

Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalat...

CWE-2792024