CVE-2024-3462

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-302
View all →

Vulnerability Description

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.

Related Vulnerabilities

CVE-2021-1561

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthor...

CWE-3022021

CVE-2023-47127

MEDIUM
CVSS:5.4(Medium)

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.examp...

CWE-3022023

CVE-2022-40703

MEDIUM
CVSS:6.1(Medium)

CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android devi...

CWE-3022022

CVE-2024-47086

HIGH
CVSS:6.5(Medium)

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vu...

CWE-3022024

CVE-2024-8475

MEDIUM
CVSS:6.5(Medium)

Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5.

CWE-3022024

CVE-2021-1399

MEDIUM
CVSS:4.3(Medium)

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authent...

CWE-3022021