How severe is CVE-2024-27086?

This vulnerability has a severity rating of LOW with a CVSS score of 3.9 out of 10.

What type of vulnerability is CVE-2024-27086?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-27086

LOW Year: 2024

CVSS v3 Score

3.9

Low

Weakness Type

CWE-863

View all →

Vulnerability Description

The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer Android device can cause local denial of service against applications that were built using MSAL.NET for authentication on the same device (i.e., prevent the user of the legitimate application from logging in) due to incorrect activity export configuration. MSAL.NET version 4.60.1 includes the fix. As a workaround, a developer may explicitly mark the MSAL.NET activity non-exported.

CVE-2021-26387

LOW

CVSS:3.9(Low)

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading t...

CWE-8632021

CVE-2017-12112

MEDIUM

CVSS:4.0(Medium)

An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the ...

CWE-8632017

CVE-2017-12113

MEDIUM

CVSS:4.0(Medium)

An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the...

CWE-8632017

CVE-2017-12114

MEDIUM

CVSS:4.0(Medium)

An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the re...

CWE-8632017

CVE-2017-12117

MEDIUM

CVSS:4.0(Medium)

An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the re...

CWE-8632017

CVE-2017-12118

MEDIUM

CVSS:4.0(Medium)

An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vul...

CWE-8632017

CVE-2024-27086

Vulnerability Description

Related Vulnerabilities

CVE-2021-26387

CVE-2017-12112

CVE-2017-12113

CVE-2017-12114

CVE-2017-12117

CVE-2017-12118