CVE-2024-39872
https://notcve.org/view.php?id=CVE-2024-39872
This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-378: Creation of Temporary File With Insecure Permissions •
CVE-2024-39870
https://notcve.org/view.php?id=CVE-2024-39870
A local authenticated user with this privilege could use this to modify users outside of their own scope as well as to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-602: Client-Side Enforcement of Server-Side Security •
CVE-2024-39596 – [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now
https://notcve.org/view.php?id=CVE-2024-39596
Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. • https://me.sap.com/notes/3476348 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •
CVE-2024-4944 – Mobile VPN with SSL Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4944
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00010 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-37999
https://notcve.org/view.php?id=CVE-2024-37999
The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges. • https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-501799 • CWE-282: Improper Ownership Management •