Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-19411

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Nov, 2018 | 16:00
Updated At-17 Sep, 2024 | 01:05
Rejected At-
Credits

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Nov, 2018 | 16:00
Updated At:17 Sep, 2024 | 01:05
Rejected At:
▼CVE Numbering Authority (CNA)

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-25/
x_refsource_MISC
Hyperlink: https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-25/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-25/
x_refsource_MISC
x_transferred
Hyperlink: https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-25/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Nov, 2018 | 16:29
Updated At:03 Oct, 2019 | 00:03

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches

paessler
paessler
>>prtg_network_monitor>>Versions before 18.2.40.1683(exclusive)
cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-25/cve@mitre.org
Third Party Advisory
Hyperlink: https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-25/
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

162Records found

CVE-2017-15651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-1.32% / 67.37%
||
7 Day CHG~0.00%
Published-20 Oct, 2017 | 00:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message.

Action-Not Available
Vendor-paesslern/a
Product-prtg_network_monitorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-19204
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-4.64% / 90.60%
||
7 Day CHG~0.00%
Published-12 Nov, 2018 | 16:00
Updated-16 Sep, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor.

Action-Not Available
Vendor-paesslern/a
Product-prtg_network_monitorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15917
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 48.60%
||
7 Day CHG~0.00%
Published-26 Oct, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.

Action-Not Available
Vendor-paesslern/a
Product-prtg_network_monitorn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-0204
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.39% / 68.90%
||
7 Day CHG~0.00%
Published-03 Nov, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.

Action-Not Available
Vendor-n/aOpenStack
Product-keystonen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-24678
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.8||HIGH
EPSS-1.45% / 70.23%
||
7 Day CHG~0.00%
Published-22 Dec, 2020 | 21:13
Updated-17 Sep, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential Privilege Escalation in Symphony Plus

An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges.

Action-Not Available
Vendor-ABB
Product-symphony_\+_historiansymphony_\+_operationsABB Ability™ Symphony® Plus OperationsABB Ability™ Symphony® Plus Historian
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-4583
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-2.00% / 78.34%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 15:11
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabgitlab-shellGitLab Community EditionGitLab Enterprise EditionGitLabgitlab-shell
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1400
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.29% / 66.66%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:42
Updated-08 Nov, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-wap131wap351_firmwarewap351wap125_firmwarewap581wap125wap361wap581_firmwarewap131_firmwarewap150wap150_firmwarewap361_firmwareCisco Business Wireless Access Point Software
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20076
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.78% / 51.37%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:05
Updated-15 Apr, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script searchview.php privileges management

A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-12689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.56% / 72.25%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 23:43
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

Action-Not Available
Vendor-n/aCanonical Ltd.OpenStack
Product-ubuntu_linuxkeystonen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-12074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.73% / 74.78%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 02:00
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.

Action-Not Available
Vendor-webtoffeen/a
Product-import_export_wordpress_usersn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1728
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.82% / 76.20%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
System Center Operations Manager Elevation of Privilege Vulnerability

System Center Operations Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-system_center_operations_managerSystem Center 2019 Operations Manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-13400
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.7||MEDIUM
EPSS-1.44% / 69.90%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 14:00
Updated-17 Sep, 2024 | 01:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20075
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.78% / 51.37%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:05
Updated-15 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script payment.php privileges management

A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2010-4664
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.65%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 21:43
Updated-07 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

Action-Not Available
Vendor-consolekit_projectconsolekitDebian GNU/LinuxRed Hat, Inc.
Product-consolekitdebian_linuxenterprise_linuxconsolekit
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-3849
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.3||MEDIUM
EPSS-1.04% / 59.90%
||
7 Day CHG~0.00%
Published-26 Mar, 2019 | 17:46
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

Action-Not Available
Vendor-[UNKNOWN]Moodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-7509
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-1.19% / 64.18%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 19:44
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.

Action-Not Available
Vendor-n/a
Product-easergy_t300easergy_t300_firmwareEasergy T300 (Firmware version 1.5.2 and older)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-6949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.28% / 66.54%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 18:58
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.

Action-Not Available
Vendor-hashbrowncmsn/a
Product-hashbrown_cmsn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-7047
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-2.46% / 82.51%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 20:37
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

Action-Not Available
Vendor-webfactoryltdn/a
Product-wp_database_resetn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-6236
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.2||HIGH
EPSS-1.24% / 65.45%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 18:38
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.

Action-Not Available
Vendor-SAP SE
Product-landscape_managementadaptive_extensionsSAP Landscape ManagementSAP Adaptive Extensions
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-5773
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.99% / 58.37%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 19:55
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations.

Action-Not Available
Vendor-teltonika-networksn/a
Product-trb245_firmwaretrb245Teltonika Gateway TRB245
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-4603
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.81% / 52.59%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 12:40
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-36156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-2.03% / 78.72%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 17:22
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.

Action-Not Available
Vendor-n/aUltimate Member Group Ltd
Product-ultimate_membern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-14819
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.05% / 60.20%
||
7 Day CHG+0.01%
Published-07 Jan, 2020 | 17:02
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Action-Not Available
Vendor-[Red Hat]Red Hat, Inc.
Product-openshift_container_platformopenshift-ansible
CWE ID-CWE-270
Privilege Context Switching Error
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-15747
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.09% / 61.33%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 11:39
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.

Action-Not Available
Vendor-sitosn/a
Product-sitos_sixn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-12775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.88% / 76.86%
||
7 Day CHG~0.00%
Published-07 Jun, 2019 | 15:06
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that controls the web application service is granted full access to run any system commands with elevated privilege, without the need for password authentication. Should vulnerabilities be identified and exploited within the web application, it may be possible for a threat actor to create or run high-privileged binaries or executables that are available within the operating system of the device.)

Action-Not Available
Vendor-enttecn/a
Product-storm_24datagate_mk2datagate_mk2_firmwarestorm_24_firmwaree-streamer_mk2e-streamer_mk2_firmwarepixelator_firmwarepixelatorn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-11553
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.95% / 57.02%
||
7 Day CHG~0.00%
Published-19 Jul, 2019 | 16:44
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user could request the token of that user. If the administrator was not authorized to perform web restores but the user was authorized to perform web restores, this would allow the administrator to impersonate the user with greater permissions. In order to exploit this vulnerability, the user would have to be an administrator with access to manage an organization with a user with greater permissions than themselves.

Action-Not Available
Vendor-code42n/a
Product-code42n/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-11280
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-1.45% / 70.22%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 18:35
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation through the invitations service

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-pivotal_application_servicePivotal Application Service (PAS)
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-10104
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.4||HIGH
EPSS-1.40% / 69.20%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-java_advanced_management_consoleJava
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-0932
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-1.26% / 65.90%
||
7 Day CHG~0.00%
Published-22 Mar, 2018 | 14:00
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-edgeosEdgeRouter X
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-2562
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 23.53%
||
7 Day CHG~0.00%
Published-16 Feb, 2026 | 15:02
Updated-23 Feb, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi cast_streen privileges management

A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-jdcloudJingDong
Product-ax6600_firmwareax6600JD Cloud Box AX6600
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-0301
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-1.13% / 62.49%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 20:22
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.

Action-Not Available
Vendor-SAP SE
Product-identity_managementSAP Identity Management (REST Interface)
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-2563
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.43% / 34.20%
||
7 Day CHG~0.00%
Published-16 Feb, 2026 | 15:32
Updated-23 Feb, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JingDong JD Cloud Box AX6600 jdcapp_rpc controlDevice get_status privileges management

A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-jdcloudJingDong
Product-ax6600_firmwareax6600JD Cloud Box AX6600
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-4862
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.08% / 61.14%
||
7 Day CHG~0.00%
Published-03 Jan, 2018 | 09:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.

Action-Not Available
Vendor-n/aOctopus Deploy Pty. Ltd.
Product-octopus_deployn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-5706
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.00% / 58.63%
||
7 Day CHG-0.02%
Published-16 Jan, 2018 | 10:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.

Action-Not Available
Vendor-n/aOctopus Deploy Pty. Ltd.
Product-octopus_deployn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-2561
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 23.53%
||
7 Day CHG~0.00%
Published-16 Feb, 2026 | 14:32
Updated-23 Feb, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi web_get_ddns_uptime privileges management

A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-jdcloudJingDong
Product-ax6600_firmwareax6600JD Cloud Box AX6600
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-4845
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-1.16% / 63.35%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the "Remote View" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.

Action-Not Available
Vendor-Siemens AG
Product-rapidlab_1200_firmwarerapidpoint_500_firmwarerapidpoint_500rapidpoint_400_firmwarerapidlab_1200rapidpoint_400RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems, RAPIDLab 1200 Series, RAPIDPoint 500 systems, RAPIDPoint 500 systems, RAPIDPoint 500 systems, RAPIDPoint 400 systems
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-2481
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.2||HIGH
EPSS-1.46% / 70.32%
||
7 Day CHG~0.00%
Published-13 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.

Action-Not Available
Vendor-SAP SE
Product-advanced_business_application_programmingSAP_ABA
CWE ID-CWE-269
Improper Privilege Management
CVE-2016-11002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.86% / 76.73%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 14:39
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.

Action-Not Available
Vendor-elegantthemesn/a
Product-extran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-20193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.30% / 66.88%
||
7 Day CHG~0.00%
Published-21 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes.

Action-Not Available
Vendor-n/aPulse Secure
Product-secure_access_series_ssl_vpn_sa-4000n/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-19853
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.95% / 56.79%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 09:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account.

Action-Not Available
Vendor-hitshop_projectn/a
Product-hitshopn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-19648
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.37% / 68.50%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 20:04
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF.

Action-Not Available
Vendor-n/aAdtran, Inc
Product-pmaan/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-17855
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.90% / 77.16%
||
7 Day CHG~0.00%
Published-09 Oct, 2018 | 21:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-15762
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9||CRITICAL
EPSS-1.08% / 60.96%
||
7 Day CHG~0.00%
Published-02 Nov, 2018 | 22:00
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pivotal Operations Manager gives all users heightened privileges

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Cloud Foundry
Product-operations_managerPivotal Operations Manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-15207
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.38% / 68.87%
||
7 Day CHG~0.00%
Published-30 Apr, 2019 | 18:45
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.

Action-Not Available
Vendor-bpcbtn/a
Product-smartvistan/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-11786
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-1.90% / 77.21%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 14:00
Updated-17 Sep, 2024 | 02:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user.

Action-Not Available
Vendor-The Apache Software Foundation
Product-karafApache Karaf
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-11614
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.30% / 66.86%
||
7 Day CHG~0.00%
Published-24 Sep, 2018 | 23:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361.

Action-Not Available
Vendor-Samsung
Product-samsung_membersSamsung Members
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-10168
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.57% / 72.39%
||
7 Day CHG~0.00%
Published-03 May, 2018 | 18:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-eap_controllern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-11190
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.71% / 84.16%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-1000865
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.64% / 73.47%
||
7 Day CHG~0.00%
Published-10 Dec, 2018 | 14:00
Updated-05 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.

Action-Not Available
Vendor-n/aJenkinsRed Hat, Inc.
Product-openshift_container_platformscript_securityn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-1000866
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.64% / 73.47%
||
7 Day CHG~0.00%
Published-10 Dec, 2018 | 14:00
Updated-05 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM

Action-Not Available
Vendor-n/aJenkinsRed Hat, Inc.
Product-pipeline\openshift_container_platformn/a
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found