How severe is CVE-2024-8462?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-8462?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2024-8462 - MEDIUM Severity | CVSS 3.7

Vulnerability Description

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component.

Related Vulnerabilities

CVE-2019-17240

LOW

CVSS:3.7(Low)

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

CWE-3072019

CVE-2020-29042

LOW

CVSS:3.7(Low)

An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.

CWE-3072020

CVE-2021-29842

LOW

CVSS:3.7(Low)

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login...

CWE-3072021

CVE-2022-2822

LOW

CVSS:3.7(Low)

An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.

CWE-3072022

CVE-2025-3555

MEDIUM

CVSS:3.7(Low)

A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper rest...

CWE-3072025

CVE-2025-3556

MEDIUM

CVSS:3.7(Low)

A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipul...

CWE-3072025