CVE-2024-12058

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-73
View all →

Vulnerability Description

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

Related Vulnerabilities

CVE-2025-26684

MEDIUM
CVSS:6.7(Medium)

External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CWE-732025

CVE-2020-2003

MEDIUM
CVSS:6.5(Medium)

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causin...

CWE-732020

CVE-2021-27250

MEDIUM
CVSS:6.5(Medium)

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to ex...

CWE-732021

CVE-2022-0593

MEDIUM
CVSS:6.5(Medium)

The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated use...

CWE-732022

CVE-2022-20789

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an...

CWE-732022