CWE-602

Medium likelihood

Client-Side Enforcement of Server-Side Security

Parent: CWE-693 - Protection Mechanism Failure

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

118 vulnerabilities with CWE-602
CVE-2024-6831 MEDIUM
Axis Camera Station Pro - Info Disclosure
CVSS 4.4
CVE-2024-23666 HIGH
Fortinet FortiAnalyzer-BigData <7.4.1 - Info Disclosure
CVSS 7.5
CVE-2024-20476 MEDIUM
Cisco Identity Services Engine - Authenticated Authorization Bypass via Crafted HTTP Request
CVSS 4.3
CVE-2024-43188 MEDIUM
IBM Business Automation Workflow - Privilege Escalation
CVSS 4.9
CVE-2024-44106 HIGH
Ivanti Workspace Control <2025.2 - Privilege Escalation
CVSS 8.8
CVE-2024-42340 HIGH
CyberArk Identity - Client-Side Enforcement of Server-Side Security
CVSS 8.3
CVE-2024-6620 LOW
Honeywell PC42t, PC42tp, and PC42d (Common Firmware) T10.19.020016-T10.20.060398 - Cross-Site Scripting
CVSS 3.5
CVE-2024-39870 MEDIUM
SINEMA Remote Connect Server <V3.2 SP1 - Privilege Escalation
CVSS 6.3
CVE-2024-32685 MEDIUM
Wpmet Wp Ultimate Review <2.2.5 - CSRF
CVSS 5.3
CVE-2024-32521 MEDIUM
Highfivery LLC Zero Spam <5.5.6 - Info Disclosure
CVSS 5.3
CVE-2024-32512 MEDIUM
weForms < 1.6.20 - Form Submission Restriction Bypass
CVSS 5.3
CVE-2024-31491 HIGH
FortiSandbox 4.2.1-4.2.6 and 4.4.0-4.4.4 - Unauthenticated Remote Code Execution via HTTP Requests
CVSS 8.8
CVE-2024-28029 HIGH
diaenergie < 1.10.00.005 - Authorization Bypass via Client-Side Privilege Manipulation
CVSS 8.8
CVE-2024-0701 MEDIUM
UserPro < 5.1.6 - Unauthenticated Security Feature Bypass via Client-Side Registration Restriction
CVSS 5.3
CVE-2023-48789 MEDIUM
Fortinet FortiPortal <6.0.14 - Info Disclosure
CVSS 4.3
CVE-2023-23570 MEDIUM
Gallagher Command Centre <8.90.1620 - Privilege Escalation
CVSS 5.4
CVE-2023-42787 MEDIUM
Fortinet FortiManager <7.2.3, FortiAnalyzer <7.2.3 - RCE
CVSS 6.5
CVE-2023-3747 MEDIUM
Cloudflare WARP - Client-Side Enforcement Bypass via Local Date Manipulation
CVSS 5.5
CVE-2023-39218 MEDIUM
Zoom Rooms < 5.14.10 - Information Disclosure via Client-Side Enforcement Bypass
CVSS 6.1
CVE-2023-30955 MEDIUM
Foundry workspace-server <7.7.0 - Auth Bypass
CVSS 4.3
CVE-2023-20172 MEDIUM
Cisco Identity Services Engine - Authenticated Arbitrary File Delete and Read
CVSS 5.4
CVE-2023-20171 MEDIUM
Cisco Identity Services Engine - Authenticated Arbitrary File Delete and Read
CVSS 5.4
CVE-2023-20106 MEDIUM
Cisco Identity Services Engine - Authenticated Arbitrary File Read and Delete
CVSS 5.4
CVE-2023-0750 CRITICAL
lynx-technik yellobrik_pec_1864_firmware - Authentication Bypass via Client-Side Enforcement
CVSS 9.8
CVE-2023-0704 MEDIUM
Google Chrome <110.0.5481.77 - Auth Bypass
CVSS 6.5