CVE-2024-37131

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-942
View all →

Vulnerability Description

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.

Related Vulnerabilities

CVE-2021-27786

CRITICAL
CVSS:9.8(Critical)

Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial r...

CWE-9422021

CVE-2022-26969

CRITICAL
CVSS:9.8(Critical)

In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.

CWE-9422022

CVE-2022-31736

CRITICAL
CVSS:9.8(Critical)

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

CWE-9422022

CVE-2023-50940

CRITICAL
CVSS:9.8(Critical)

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being...

CWE-9422023

CVE-2023-25603

CRITICAL
CVSS:9.1(Critical)

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privil...

CWE-9422023

CVE-2021-34435

HIGH
CVSS:8.8(High)

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to t...

CWE-9422021