How severe is CVE-2024-5178?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-5178?

This is classified as CWE-184, which is a common weakness in software security.

CVE-2024-5178

MEDIUM Year: 2024

CVSS v3 Score

4.9

Medium

Weakness Type

CWE-184

View all →

Vulnerability Description

ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

CVE-2024-23336

MEDIUM

CVSS:5.0(Medium)

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerabil...

CWE-1842024

CVE-2021-25737

MEDIUM

CVSS:4.8(Medium)

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or l...

CWE-1842021

CVE-2021-1255

MEDIUM

CVSS:5.4(Medium)

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorizatio...

CWE-1842021

CVE-2024-28246

MEDIUM

CVSS:5.5(Medium)

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs ...

CWE-1842024

CVE-2016-6189

MEDIUM

CVSS:4.3(Medium)

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

CWE-1842016

CVE-2017-2602

MEDIUM

CVSS:4.3(Medium)

jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written t...

CWE-1842017

CVE-2024-5178

Vulnerability Description

Related Vulnerabilities

CVE-2024-23336

CVE-2021-25737

CVE-2021-1255

CVE-2024-28246

CVE-2016-6189

CVE-2017-2602