CVE-2024-8687

MEDIUM Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-497
View all →

Vulnerability Description

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so.

Related Vulnerabilities

CVE-2025-46421

MEDIUM
CVSS:6.8(Medium)

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new hos...

CWE-4972025

CVE-2024-22124

HIGH
CVSS:7.5(High)

Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, K...

CWE-4972024

CVE-2024-22125

HIGH
CVSS:7.5(High)

Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be r...

CWE-4972024

CVE-2024-31887

HIGH
CVSS:7.5(High)

IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.

CWE-4972024

CVE-2024-36070

HIGH
CVSS:7.5(High)

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.ph...

CWE-4972024

CVE-2024-48024

HIGH
CVSS:7.5(High)

: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Dai...

CWE-4972024