CVE-2024-36070

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-497
View all →

Vulnerability Description

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)

Related Vulnerabilities

CVE-2024-22124

HIGH
CVSS:7.5(High)

Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, K...

CWE-4972024

CVE-2024-22125

HIGH
CVSS:7.5(High)

Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be r...

CWE-4972024

CVE-2024-31887

HIGH
CVSS:7.5(High)

IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.

CWE-4972024

CVE-2024-48024

HIGH
CVSS:7.5(High)

: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Dai...

CWE-4972024

CVE-2024-50528

HIGH
CVSS:7.5(High)

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile Ap...

CWE-4972024

CVE-2024-52367

HIGH
CVSS:7.5(High)

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

CWE-4972024