Home > Vulnerability Database > CVE-2024-37887

Mend.io Vulnerability Database

CVE-2024-37887

Date: June 14, 2024

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.

Language: PHP

Severity Score

3.5

Related Resources (5)

Url: https://github.com/nextcloud/server/pull/45309

Url: https://hackerone.com/reports/2479325

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37887

Url: https://www.mend.io/vulnerability-database/CVE-2024-37887

Severity Score

3.5

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37887

Date: June 14, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?