CVE-2024-12838

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-302
View all →

Vulnerability Description

The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators.

Related Vulnerabilities

CVE-2022-22729

HIGH
CVSS:8.8(High)

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 ver...

CWE-3022022

CVE-2024-4024

HIGH
CVSS:8.8(High)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. U...

CWE-3022024

CVE-2024-49056

HIGH
CVSS:8.8(High)

Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.

CWE-3022024

CVE-2025-24876

HIGH
CVSS:8.1(High)

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting mal...

CWE-3022025

CVE-2016-9482

CRITICAL
CVSS:9.8(Critical)

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=p...

CWE-3022016

CVE-2023-4612

CRITICAL
CVSS:9.8(Critical)

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7....

CWE-3022023