CVE-2024-7986

MEDIUM Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-732
View all →

Vulnerability Description

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.

Related Vulnerabilities

CVE-2007-5743

HIGH
CVSS:7.5(High)

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

CWE-7322007

CVE-2017-0317

HIGH
CVSS:7.5(High)

All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tampe...

CWE-7322017

CVE-2017-0845

HIGH
CVSS:7.5(High)

A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.

CWE-7322017

CVE-2017-1000125

HIGH
CVSS:7.5(High)

Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.

CWE-7322017

CVE-2017-17568

HIGH
CVSS:7.5(High)

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive informa...

CWE-7322017

CVE-2017-4952

HIGH
CVSS:7.5(High)

VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access...

CWE-7322017