CVE-2024-42423 MEDIUM

CVE-2024-42423

Vendor Dell
Product Wyse Proprietary OS (Modern ThinOS)
Weakness CWE-863 · Incorrect authorization
Published September 10, 2024
Last update September 10, 2024
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.

Key dates

02Disclosure timeline

September 10, 2024 CVE published
September 10, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-47195 Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands. CVE-2025-22449 Access control flaw for team admins allows unauthorized team additions CVE-2025-15322 Tanium addressed an improper access controls vulnerability in Tanium Server. CVE-2024-10219 Incorrect Authorization in GitLab CVE-2025-15525 Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure