CVE-2024-22348

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-942
View all →

Vulnerability Description

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

Related Vulnerabilities

CVE-2024-45642

MEDIUM
CVSS:5.3(Medium)

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po...

CWE-9422024

CVE-2023-23128

MEDIUM
CVSS:6.1(Medium)

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product f...

CWE-9422023

CVE-2024-21382

MEDIUM
CVSS:4.3(Medium)

Microsoft Edge for Android Information Disclosure Vulnerability

CWE-9422024

CVE-2022-34366

MEDIUM
CVSS:6.5(Medium)

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtai...

CWE-9422022

CVE-2023-37526

MEDIUM
CVSS:6.5(Medium)

HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access...

CWE-9422023

CVE-2023-45213

MEDIUM
CVSS:6.5(Medium)

A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.

CWE-9422023