CVE-2024-6435

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-732
View all →

Vulnerability Description

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section.

Related Vulnerabilities

CVE-2007-6033

HIGH
CVSS:8.8(High)

Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrar...

CWE-7322007

CVE-2017-0311

HIGH
CVSS:8.8(High)

NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges.

CWE-7322017

CVE-2017-0784

HIGH
CVSS:8.8(High)

A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.

CWE-7322017

CVE-2017-1000022

HIGH
CVSS:8.8(High)

LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.

CWE-7322017

CVE-2017-1000096

HIGH
CVSS:8.8(High)

Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and c...

CWE-7322017

CVE-2017-1000403

HIGH
CVSS:8.8(High)

Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.

CWE-7322017