CVE-2024-39870

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-602
View all →

Vulnerability Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges.

Related Vulnerabilities

CVE-2021-21531

HIGH
CVSS:7.8(High)

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform un...

CWE-6022021

CVE-2024-44106

HIGH
CVSS:7.8(High)

Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

CWE-6022024

CVE-2025-32808

HIGH
CVSS:7.7(High)

W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.

CWE-6022025

CVE-2021-36338

HIGH
CVSS:8.0(High)

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and...

CWE-6022021

CVE-2022-31233

HIGH
CVSS:8.0(High)

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and acc...

CWE-6022022

CVE-2020-8162

HIGH
CVSS:7.5(High)

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be mo...

CWE-6022020