CVE-2024-38291

High CVSS: 8.8

In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.

Vendor

Product

CWE

Yayın Tarihi

2025-02-27 22:15:38

Güncelleme

2025-07-11 16:27:17

Source Identifier

cve@mitre.org

KEV Date Added

CWE-284 Xiq-se HIGH Extremenetworks 2025

High

CVE-2025-11192

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on…

High

CVE-2025-8679

In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure…

Medium

CVE-2025-6235

In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the…

Medium

CVE-2025-6083

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id fi…

Medium

CVE-2024-38290

In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.

Critical

CVE-2024-38292

In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which ma…