Total
55 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32685 | 1 Wpmet | 1 Wp Ultimate Review | 2025-02-07 | N/A | 5.3 MEDIUM |
| Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.2.5. | |||||
| CVE-2024-23666 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-21 | N/A | 7.5 HIGH |
| A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests. | |||||
| CVE-2024-9844 | 1 Ivanti | 1 Connect Secure | 2025-01-17 | N/A | 7.1 HIGH |
| Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. | |||||
| CVE-2024-31491 | 1 Fortinet | 1 Fortisandbox | 2025-01-02 | N/A | 8.8 HIGH |
| A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. | |||||
| CVE-2023-48789 | 1 Fortinet | 1 Fortiportal | 2025-01-02 | N/A | 4.3 MEDIUM |
| A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests. | |||||
| CVE-2024-6831 | 2024-11-26 | N/A | 4.4 MEDIUM | ||
| Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-6620 | 2024-11-21 | N/A | 3.5 LOW | ||
| Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. A(n) attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. Honeywell recommends updating to the most recent version of this firmware, PC42 Printer Firmware Version 20.6 T10.20.060398. | |||||
| CVE-2024-39870 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges. | |||||
| CVE-2024-32521 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through 5.5.6. | |||||
| CVE-2024-32512 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20. | |||||
| CVE-2024-28029 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. | |||||
| CVE-2023-23570 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A | 5.4 MEDIUM |
| Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. | |||||
| CVE-2022-1525 | 1 Cognex | 2 3d-a1000 Dimensioning System, 3d-a1000 Dimensioning System Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements. | |||||
| CVE-2024-43188 | 1 Ibm | 1 Business Automation Workflow | 2024-09-29 | N/A | 4.9 MEDIUM |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | |||||
| CVE-2024-42340 | 1 Cyberark | 1 Identity | 2024-08-30 | N/A | 4.3 MEDIUM |
| CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | |||||