CVE-2024-44575
Incorrect Permission Assignment: is CVE-2024-44575real, exploitable, or a false positive? Here's the community verdict.
signals
public sources
Moderate signals. Triage by your actual exposure and reachability.
baseline read
auto · not a community verdict
Low signal — verdict needed
Few public signals point to active risk. Whether a scanner hit here is a true or false positive depends on your version and config — community verdicts decide.
Based on CVSS · FIRST EPSS
Confirm or dispute →CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.
References
Published
Embed this verdict
[](https://www.truepositive.app/cve/CVE-2024-44575)<a href="https://www.truepositive.app/cve/CVE-2024-44575"><img src="https://www.truepositive.app/cve/CVE-2024-44575/badge.svg" alt="TruePositive verdict for CVE-2024-44575"></a>Live badge that updates automatically as the community verdict changes.
Community ground truth
Be the first practitioner to weigh in
So far this is only TruePositive's editorial baseline from public sources. Add your real-world verdict below — it becomes the signal the next person triaging this relies on.
🥇 The first 50 practitioners to contribute earn a Founding Contributor badge.
In your experience, is this finding real and exploitable?
0 verdictsNo account needed. Anonymous verdicts post as an unverified signal. Log in to make yours verified and earn reputation.
Field notes & remediation
Verdicts are the quick signal. Notes are the evidence and fixes behind them.
No notes yet. Be the first to share what you saw, or a fix that worked.
Add a field note or remediationoptional
Related CVEs
Same weakness: CWE-732 · Incorrect Permission Assignment.
- CVE-2018-13374MED 4.3KEVEPSS 38%
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
- CVE-2017-17677HIGH 8.8Real · low riskEPSS 1%
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.
- CVE-2021-34110HIGH 7.8Real · low riskEPSS 1%
WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.
- CVE-2022-35167HIGH 8.8Real · low riskEPSS 1%
Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions.
- CVE-2023-31748HIGH 7.8Real · low riskEPSS 1%
Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file.
- CVE-2023-39004CRIT 9.8Real · low riskEPSS 1%
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.