CWE-602

Medium likelihood

Client-Side Enforcement of Server-Side Security

Parent: CWE-693 - Protection Mechanism Failure

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

118 vulnerabilities with CWE-602
CVE-2025-5450 MEDIUM
Ivanti Connect/Ivanti Policy <22.7R2.8/<22.7R1.5 - Privilege Escala...
CVSS 6.3
CVE-2025-40591 HIGH
RUGGEDCOM ROX -<V2.16.5 - Info Disclosure
CVSS 7.7
CVE-2025-43699 MEDIUM
Salesforce OmniStudio <Spring 2025 - Auth Bypass
CVSS 5.3
CVE-2025-47697 HIGH
wivia 5 Firmware - Unauthenticated Authentication Bypass via Client-Side Enforcement
CVSS 7.5
CVE-2025-33137 HIGH
IBM Aspera Faspex <5.0.12 - Info Disclosure
CVSS 7.1
CVE-2025-20113 HIGH
Cisco Unified Intelligence Center - Privilege Escalation
CVSS 7.1
CVE-2025-33025 CRITICAL
RUGGEDCOM ROX -<V2.16.5 - Path Traversal
CVSS 9.9
CVE-2025-33024 CRITICAL
RUGGEDCOM ROX -<V2.16.5 - Path Traversal
CVSS 9.9
CVE-2025-32469 CRITICAL
RUGGEDCOM ROX -<V2.16.5 - Info Disclosure
CVSS 9.9
CVE-2025-4527 LOW
Dígitro NGC Explorer 3.44.15 - Auth Bypass
CVSS 3.7
CVE-2025-46591 MEDIUM
Huawei HarmonyOS - Out-of-Bounds Read in Authorization Module
CVSS 6.2
CVE-2025-28168 MEDIUM
Multiple File Upload 3.1.0 - Unrestricted Upload of File with Dangerous Type via Parameter Tampering
CVSS 6.4
CVE-2025-1838 MEDIUM
IBM Cloud Pak for Business Automation <24.0.1 - DoS
CVSS 6.5
CVE-2025-42601 HIGH
Meon KYC solutions 1.1 - Captcha Bypass via API Request Manipulation
CVE-2025-32808 HIGH
W. W. Norton InQuizitive <2025-04-08 - Info Disclosure
CVSS 7.7
CVE-2025-32359 MEDIUM
Zammad 6.4.x <6.4.2 - Info Disclosure
CVSS 4.8
CVE-2025-25497 HIGH
Netsweeper Server <8.2.6 - Privilege Escalation
CVSS 8.1
CVE-2025-27681 CRITICAL
Vasion Print <1.0.735-20.0.1330 - Info Disclosure
CVSS 9.8
CVE-2024-41751 MEDIUM
IBM SmartCloud Analytics - Log Analysis <1.3.8.2 - Auth Bypass
CVSS 5.5
CVE-2024-41750 MEDIUM
IBM SmartCloud Analytics - Log Analysis <1.3.8.2 - Auth Bypass
CVSS 5.5
CVE-2024-52960 MEDIUM
Fortinet FortiSandbox <4.2.7 - Command Injection
CVSS 4.3
CVE-2024-49824 MEDIUM
IBM Robotic Process Automation <23.0.18 - Privilege Escalation
CVSS 6.5
CVE-2024-12603 CRITICAL
com.transsion.applock - Auth Bypass
CVSS 9.8
CVE-2024-9844 HIGH
Ivanti Connect Secure <22.7R2.4 - Auth Bypass
CVSS 7.1
CVE-2024-52008 HIGH
Fides < 2.50.0 - Weak Password Policy Enforcement via User Invite Acceptance API
CVSS 8.8