CVE-2024-37929
MEDIUM EXPLOITEDsolwin User Activity Log Pro <2.3.4 - Privilege Escalation
Title source: llmExploitation Summary
CVE-2024-37929 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4.
References (2)
Core 2
Core References
Scores
CVSS v3
6.3
EPSS
0.0034
EPSS Percentile
25.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2024-07-09
CWE
CWE-862
Status
published
Products (1)
solwin/User Activity Log Pro
< 2.3.4
Published
Nov 01, 2024
Tracked Since
Feb 18, 2026