CVE-2024-37929

MEDIUM EXPLOITED

solwin User Activity Log Pro <2.3.4 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-37929 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4.

Scores

CVSS v3 6.3
EPSS 0.0034
EPSS Percentile 25.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2024-07-09
CWE
CWE-862
Status published
Products (1)
solwin/User Activity Log Pro < 2.3.4
Published Nov 01, 2024
Tracked Since Feb 18, 2026