CVE-2024-42340 CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security...
Security feature bypass
A client-side enforcement of server-side security (CWE-602) vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client-side code execution...
CVE-2023-42787
Fortinet FortiManager (versions 7.4.0 and before 7.2.3) and FortiAnalyzer (versions 7.4.0 and before 7.2.3) are affected by a client-side enforcement of server-side security vulnerability (CWE-602) that could allow a remote attacker with low privileges to access a privileged web console via clien...
CVE-2022-1525
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password-protected web elements...
Code injection
The CVE-2022-1525 entry applies to Cognex 3D-A1000 Dimensioning System firmware 1.0.3 (3354) and earlier. The issue is CWE-602: Client-Side Enforcement of Server-Side Security, where attackers could bypass web access controls by inspecting/modifying the source code of password-protected web eleme...
PaperThin CommonSpot CMS contains multiple vulnerabilities
Overview: PaperThin CommonSpot contains multiple vulnerabilities, which may allow an unauthenticated remote attacker to execute arbitrary code on the server. Description: PaperThin CommonSpot is a content management system (CMS) that is based on Adobe ColdFusion. CommonSpot is composed of over 3000...
NETELLER Direct Payment API is not vulnerable to reported parameter manipulation
Overview: NETELLER Direct Payment API version 4.1.6 and possibly earlier versions were reported to be vulnerable to parameter manipulation via a modified HTTP POST request. After further analysis and discussion with NETELLER, this report was found to be incorrect. The NETELLER Direct Payment API i...