Server Misconfiguration Vulnerability in XIQ-SE by Extreme Networks
CVE-2024-38290

5.3MEDIUM

Key Information:

Vendor: Extreme Networks
Status: XIQ-SE
Vendor: CVE Published:; 27 February 2025

🔔 Create Extreme Networks Vulnerability Alert

What is CVE-2024-38290?

A server misconfiguration in versions of XIQ-SE prior to 24.2.11 may expose a vulnerability that permits user enumeration under certain conditions. This can lead to unauthorized access to user accounts, posing a risk to security. Proper configuration and timely updates are essential to mitigate this vulnerability.

References

https://community.extremenetworks.com/t5/security-advisor...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Jun 13, 2024

CVE-2024-38290 Data

JSON