Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-23921

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-25 Feb, 2022 | 18:10
Updated At-16 Apr, 2025 | 18:00
Rejected At-
Credits

ICSA-22-053-01 GE Proficy CIMPLICITY-IPM

Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:25 Feb, 2022 | 18:10
Updated At:16 Apr, 2025 | 18:00
Rejected At:
▼CVE Numbering Authority (CNA)
ICSA-22-053-01 GE Proficy CIMPLICITY-IPM

Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects.

Affected Products
Vendor
General Electric
Product
Proficy CIMPLICITY
Versions
Affected
  • From all through 11.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

GE Digital recommends users upgrade all instances of the affected software to GE Digital’s Proficy CIMPLICITY, released January 2022 (Upgrade) and follow the instructions in the Secure Deployment Guide to restrict which CIMPLICITY projects are allowed to run. The upgrade contains what GE believes are mitigation measures to help ensure the vulnerability cannot be exploited. Users are encouraged to contact a GE Digital representative for the latest versions of the update. For users who choose to not implement the upgrade, GE Digital recommends applying the instructions in CIMPLICITY’s Secure Deployment Guide to ensure access to the CIMPLICITY machines and directories are properly controlled via access control limits.

Configurations
Workarounds
Exploits
Credits
Yuval Ardon and Roman Dvorkin of OTORIO reported this vulnerability to CISA
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01
x_refsource_MISC
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01
x_refsource_MISC
x_transferred
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:25 Feb, 2022 | 19:15
Updated At:08 Mar, 2022 | 15:24

Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.03.7LOW
AV:L/AC:H/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 3.7
Base severity: LOW
Vector:
AV:L/AC:H/Au:N/C:P/I:P/A:P
CPE Matches
ge
ge
>>proficy_cimplicitiy>>Versions up to 11.1(inclusive)
cpe:2.3:a:ge:proficy_cimplicitiy:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE-269Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-269
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

704Records found
CVE-2017-20107
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.00%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 06:40
Updated-15 Apr, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ShadeYouVPN.com Client privileges management

A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-shadeyouvpn.com_projectShadeYouVPN.comMicrosoft Corporation
Product-windowsshadeyouvpn.comClient
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42956
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.52%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 11:51
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.Microsoft Corporation
Product-windowsmanageengine_remote_access_plus_servern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-18838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.09%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:58
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-m4300-52g_firmwarem4300-52gm4300-12x12f_firmwarem4300-28gm4300-28g-poe\+m4300-48x_firmwarem4300-48xm4200m4300-52g-poe\+_firmwarem4300-8x8fm4300-24x_firmwarem4300-28g-poe\+_firmwarem4300-28g_firmwarem4300-52g-poe\+m4300-12x12fm4300-8x8f_firmwarem4200_firmwarem4300-24x24f_firmwarem4300-24x24fm4300-24xn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42322
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:47
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42286
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.78%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:47
Updated-18 Nov, 2024 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability

Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_10windows_server_2016Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-47145
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.01% / 2.76%
||
7 Day CHG~0.00%
Published-07 Jan, 2024 | 18:58
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Windows privilege escalation

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

Action-Not Available
Vendor-IBM CorporationMicrosoft Corporation
Product-windowsdb2Db2db2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42105
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.58%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42106
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.58%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42283
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.85%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:47
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

NTFS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42108
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.58%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41366
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.29%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability

Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40488
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.39%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40478
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.39%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40447
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.16%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-9222
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7||HIGH
EPSS-0.03% / 9.29%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 09:50
Updated-15 Jan, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-47201
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.39%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 20:38
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47200.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-apex_oneTrend Micro Apex OneTrend Micro Apex One as a Serviceapex_one
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41339
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.21% / 43.28%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-24408
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.96%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 11:31
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_mc_firmwaresinumerik_onesinumerik_one_firmwaresinumerik_mcSINUMERIK MCSINUMERIK ONE
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40477
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 51.92%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41367
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.37%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

NTFS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41334
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.20% / 41.49%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Desktop Bridge Elevation of Privilege Vulnerability

Windows Desktop Bridge Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41345
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.49%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:28
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40467
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-39784
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.25%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21343
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.60%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-9068
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-8.5||HIGH
EPSS-0.00% / 0.15%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 12:23
Updated-24 Oct, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation FactoryTalk® Linx Privilege Escalation Vulnerabilities

A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-factorytalk_linxFactoryTalk Linx
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-44282
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.83%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:16
Updated-29 Aug, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38626
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.78%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38625
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.78%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3808
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.14%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 20:52
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-zbook_17_g4mp9_g4_retail_systemproone_600_g4_21.5-inch_touch_all-in-one_business_pcelitebook_840_g5_firmwarezbook_15_g4zbook_14u_g6prodesk_400_g4_small_form_factor_pchp_z1_entry_tower_g5zhan_66_pro_15_g2_firmwareprodesk_600_g5_small_form_factor_pcprodesk_600_g4_desktop_mini_pc_firmwareelitebook_1040_g4elitedesk_800_35w_g4_desktop_mini_pc_firmwareelitedesk_800_95w_g4_desktop_mini_pc_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_pcprobook_x360_11_g2_ee_firmwareelitebook_735_g6_firmwareprodesk_400_g4_small_form_factor_pc_firmwareelitebook_x360_1030_g4_firmwareprobook_470_g4_firmwareprobook_x360_11_g3_ee_firmwarezhan_66_pro_13_g2hp_z2_mini_g5hp_mt21_mobile_thin_client_firmwareelitebook_755_g5_firmwarezbook_17_g6hp_z2_tower_g5engage_flex_pro_retail_systemelitedesk_705_g4_workstationhp_mt21_mobile_thin_clientelite_sliceelitebook_x360_1030_g3_firmwarehp_z2_mini_g4_firmwareprobook_640_g3probook_445r_g6_firmwareelitedesk_705_g4_desktop_mini_pc_firmwareprodesk_400_g6_small_form_factor_pcelitebook_846_g5_firmwareprodesk_600_g5_desktop_mini_pcelitedesk_800_g4_tower_pcprodesk_600_g3_microtower_pcelitebook_735_g5proone_400_g5_23.8-inch_all-in-one_business_pcprobook_640_g4_firmwareprobook_655_g3_firmwareprobook_440_g5prodesk_600_g4_microtower_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwarezbook_studio_g5_firmwareelitedesk_880_g3_tower_pcprodesk_680_g3_microtower_pc_firmwareprodesk_600_g3_desktop_mini_pc_firmwareprobook_650_g3probook_640_g5_firmwareelite_slice_g2_firmwareprodesk_400_g6_small_form_factor_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarehp_z240_small_form_factor_firmwareelitebook_828_g4proone_600_g5_21.5-in_all-in-one_business_pc_firmwareelitebook_735_g6probook_455_g4probook_650_g4_firmwareelitebook_830_g6_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwarezbook_studio_x360_g5_firmwareprobook_430_g6_firmwareprodesk_600_g5_microtower_pc_firmwarezbook_17_g6_firmwareprodesk_400_g3_desktop_mini_pc_firmwareprobook_445_g6_firmwareeliteone_800_g4_23.8-in_all-in-one_business_pchp_z1_all-in-one_g3_firmwareelitebook_x360_1030_g2_firmwarezhan_66_pro_14_g2elitedesk_705_g4_desktop_mini_pcpro_x2_612_g2engage_flex_pro_retail_system_firmwareprodesk_400_g5_microtower_pcprodesk_400_g3_desktop_mini_pcprodesk_400_g5_microtower_pc_firmwareprodesk_405_g4_desktop_mini_pc_firmwareengage_flex_pro-c_retail_system_firmwareelitedesk_880_g4_tower_pcproone_440_g5_23.8-in_all-in-one_business_pc_firmwareelitedesk_800_g4_small_form_factor_pc_firmwareelitedesk_800_g4_small_form_factor_pcprobook_640_g3_firmwareprodesk_480_g4_microtower_pcelitebook_745_g6_firmwarezbook_14u_g5probook_430_g4probook_430_g4_firmwareproone_400_g3_20-inch_touch_all-in-one_pcengage_flex_pro-c_retail_systemzbook_14u_g4probook_650_g3_firmwareprobook_470_g5elitedesk_705_g3_microtower_pc_firmwareelitebook_745_g6probook_455_g6_firmwarehp_z2_mini_g4elitedesk_880_g5_tower_pc_firmwareprodesk_480_g6_microtower_pc_firmwareelitebook_x360_1030_g2hp_z2_tower_g4_firmwareelitedesk_705_g5_desktop_mini_pc_firmwareelitedesk_705_g5_small_form_factor_pcelitedesk_800_g5_tower_pcprobook_645_g4_firmwareprodesk_400_g4_desktop_mini_pc_firmwareprodesk_400_g4_microtower_pc_firmwareelitedesk_705_g5_small_form_factor_pc_firmwarezbook_x2_g4_firmwareelitebook_x360_1040_g6probook_455r_g6elite_dragonflyzhan_x_13_g2prodesk_600_g4_desktop_mini_pchp_z1_entry_tower_g5_firmwareeliteone_800_g5_23.8-in_all-in-oneprodesk_600_g5_desktop_mini_pc_firmwareprobook_655_g3probook_650_g5prodesk_600_g5_microtower_pczbook_15u_g6elitebook_x360_1020_g2_firmwarehp_z240_tower_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pchp_z240_towerprobook_450_g4probook_x360_11_g3_eeprobook_445_g6probook_455r_g6_firmwareelitebook_830_g5_firmwareprodesk_680_g4_microtower_pcmp9_g4_retail_system_firmwareprodesk_600_g4_small_form_factor_pcelitebook_836_g6_firmwareelitedesk_800_g4_workstationelitedesk_800_g5_small_form_factor_pc_firmwareengage_go_mobile_systemproone_400_g5_23.8-inch_all-in-one_business_pc_firmwarehp_z2_mini_g3prodesk_400_g6_microtower_pcelitedesk_800_g3_small_form_factor_pchp_z1_all-in-one_g3elitebook_850_g6_firmwareprobook_455_g5elitedesk_705_g3_desktop_mini_pcprobook_645_g3probook_430_g5_firmwarehp_z2_mini_g3_firmwareelitebook_846_g5elite_x2_g4prodesk_400_g5_small_form_factor_pc_firmwareprodesk_480_g4_microtower_pc_firmwareprobook_440_g6elite_slice_firmwareelitebook_745_g4zbook_studio_x360_g5elitedesk_705_g4_small_form_factor_pc_firmwareelitedesk_800_g3_tower_pceliteone_800_g3_23.8_non-touch_all-in-one_business_pcelitebook_745_g5elitedesk_705_g3_microtower_pchp_z2_small_form_factor_g4_firmwarehp_z238_microtower_firmwarezbook_14u_g4_firmwareproone_400_g3_20-inch_non-touch_all-in-one_pcelitebook_840_g4_firmwareprodesk_600_g4_small_form_factor_pc_firmwarezbook_17_g5probook_640_g5zbook_17_g5_firmwareelitebook_850_g5probook_455_g4_firmwarezbook_studio_g4_firmwareelitebook_828_g4_firmwareelitebook_840_g5prodesk_405_g4_small_form_factor_pc_firmwarezbook_15u_g5_firmwareelitebook_x360_1040_g5_firmwareelitebook_725_g4_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pc_firmwareelitebook_x360_1040_g6_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g5_desktop_mini_pczhan_66_pro_g1zbook_15_g6_firmwareprobook_11_ee_g2zbook_15u_g6_firmwareelitedesk_800_65w_g3_desktop_mini_pc_firmwareelitedesk_880_g5_tower_pcelite_x2_1013_g3_firmwareelitedesk_800_95w_g4_desktop_mini_pcproone_400_g5_20-inch_all-in-one_business_pcelitedesk_800_g3_small_form_factor_pc_firmwareprobook_440_g4probook_x360_11_g4_ee_firmwareelitebook_x360_830_g5_firmwareelitedesk_705_g3_small_form_factor_pchp_z2_small_form_factor_g4prodesk_600_g3_small_form_factor_pc_firmwareelitebook_x360_1040_g5elitebook_840_g6zbook_15_g5elitedesk_705_g4_microtower_pczbook_studio_g4prodesk_680_g3_microtower_pcprodesk_680_g4_microtower_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pcelitedesk_800_35w_g4_desktop_mini_pcproone_400_g3_20-inch_non-touch_all-in-one_pc_firmwareelitedesk_800_g5_desktop_mini_pcelite_dragonfly_firmwareelitebook_840_g4zhan_66_pro_14_g2_firmwarezbook_15_g5_firmwareprobook_645_g3_firmwareprodesk_400_g4_desktop_mini_pcprobook_450_g5proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareelitebook_840r_g4_firmwareprobook_470_g4prodesk_600_g3_small_form_factor_pcelitedesk_880_g4_tower_pc_firmwareelitebook_725_g4elitedesk_800_g5_desktop_mini_pc_firmwareelitebook_735_g5_firmwareelite_x2_1012_g2elitebook_840_g6_firmwareelitedesk_705_g3_desktop_mini_pc_firmwareelitebook_840r_g4elitebook_836_g5_firmwareengage_one_aio_systemprobook_440_g4_firmwareprobook_x360_11_g4_eezhan_x_13_g2_firmwareprobook_455_g5_firmwareelite_x2_1013_g3prodesk_400_g5_desktop_mini_pcprodesk_600_g4_microtower_pc_firmwarezhan_66_pro_g1_firmwareelitebook_1050_g1prodesk_600_g3_microtower_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pcelitebook_x360_830_g6_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_business_pcelitebook_850_g4_firmwareprobook_430_g6prodesk_400_g6_microtower_pc_firmwarehp_mt45_mobile_thin_client_firmwareprodesk_405_g4_small_form_factor_pchp_z2_small_form_factor_g5_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pcprodesk_480_g5_microtower_pcprobook_450_g4_firmwareelitebook_850_g6elitedesk_800_35w_g3_desktop_mini_pceliteone_800_g4_23.8-in_all-in-one_business_pc_firmwareprodesk_480_g6_microtower_pcprobook_11_ee_g2_firmwareelitebook_820_g4_firmwareelitedesk_800_g3_tower_pc_firmwareelitebook_820_g4elitebook_836_g6elitebook_x360_830_g5zbook_14u_g6_firmwareprobook_645_g4probook_x360_440_g1_firmwareelitedesk_800_g4_tower_pc_firmwareelitebook_x360_1030_g3hp_z2_tower_g4elitebook_836_g5prodesk_400_g5_desktop_mini_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pc_firmwareprodesk_400_g5_small_form_factor_pchp_z240_small_form_factorprobook_x360_440_g1proone_400_g3_20-inch_touch_all-in-one_pc_firmwarehp_z2_mini_g5_firmwarehp_z2_tower_g5_firmwareelitebook_850_g5_firmwareelitebook_1040_g4_firmwarehp_mt44_mobile_thin_clientelitedesk_880_g3_tower_pc_firmwareproone_600_g5_21.5-in_all-in-one_business_pczbook_14u_g5_firmwareelitebook_755_g5probook_445r_g6elitedesk_800_g5_tower_pc_firmwareelitebook_x360_830_g6probook_440_g5_firmwarehp_z238_microtowerelitebook_830_g6zbook_15_g4_firmwareelitebook_x360_1030_g4proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmwareelitebook_848_g4_firmwareprobook_x360_11_g2_eezhan_66_pro_15_g2probook_650_g5_firmwareelitebook_745_g5_firmwareprobook_450_g6elitedesk_705_g4_small_form_factor_pcengage_go_mobile_system_firmwareproone_440_g5_23.8-in_all-in-one_business_pcprobook_440_g6_firmwareelitebook_850_g4hp_mt31_mobile_thin_client_firmwareelitebook_745_g4_firmwareeliteone_800_g3_23.8_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g4_workstation_firmwareelitedesk_800_35w_g3_desktop_mini_pc_firmwarezbook_x2_g4elitebook_755_g4_firmwarezbook_15_g6elitedesk_705_g3_small_form_factor_pc_firmwareprodesk_600_g3_desktop_mini_pczbook_studio_g5elite_x2_1012_g2_firmwareprobook_470_g5_firmwareprobook_650_g4elitebook_848_g4engage_one_aio_system_firmwareprobook_640_g4prodesk_400_g4_microtower_pcelitedesk_705_g4_microtower_pc_firmwareprodesk_600_g5_small_form_factor_pc_firmwareprobook_430_g5engage_go_10_mobile_systemelitedesk_800_g5_small_form_factor_pcprobook_455_g6engage_go_10_mobile_system_firmwarehp_z2_small_form_factor_g5zbook_15u_g4_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pchp_mt45_mobile_thin_clientzbook_17_g4_firmwareprodesk_405_g4_desktop_mini_pchp_mt44_mobile_thin_client_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcpro_x2_612_g2_firmwareelitedesk_800_g4_workstation_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwarehp_mt31_mobile_thin_clientelitebook_x360_1020_g2probook_450_g5_firmwareelitebook_1050_g1_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwarezbook_15u_g5elitedesk_800_65w_g3_desktop_mini_pceliteone_800_g5_23.8-in_all-in-one_firmwarezbook_15u_g4elite_x2_g4_firmwareelitebook_830_g5prodesk_480_g5_microtower_pc_firmwareelite_slice_g2elitebook_755_g4HP PC BIOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38630
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.85%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38639
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.77% / 73.16%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38633
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.54%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-18 Nov, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-37942
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-7||HIGH
EPSS-0.09% / 26.12%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 01:33
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
APM Java Agent Local Privilege Escalation

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.

Action-Not Available
Vendor-Elasticsearch BV
Product-apm_java_agentElastic APM Java Agent
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38628
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.36%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38638
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.37%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-16 Dec, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_server_2019windows_server_2022windows_server_2008windows_8.1windows_7windows_server_2016windows_rt_8.1windows_server_2012Windows 10 Version 20H2Windows 10 Version 1507Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 2004Windows Server 2019Windows Server 2012 R2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 2004Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows Server 2012Windows 10 Version 1909Windows Server 2016Windows Server 2008 Service Pack 2Windows 7 Service Pack 1Windows Server 2016 (Server Core installation)Windows 7Windows Server version 20H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-37852
Matching Score-4
Assigner-ESET, spol. s r.o.
ShareView Details
Matching Score-4
Assigner-ESET, spol. s r.o.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.04%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 05:14
Updated-16 Sep, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LPE in ESET products for Windows

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-ESET, spol. s r. o.
Product-securityserver_securityinternet_securitynod32_antivirusfile_securityendpoint_antivirusendpoint_securitysmart_securitymail_securityESET Server Security for Microsoft Windows ServerESET File Security for Microsoft Windows ServerESET Server Security for Microsoft AzureESET NOD32 AntivirusESET Internet SecurityESET Endpoint Security for WindowsESET Mail Security for IBM DominoESET Endpoint Antivirus for WindowsESET Security for Microsoft SharePoint ServerESET Smart SecurityESET Mail Security for Microsoft Exchange Server
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3809
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.14%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 20:53
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-zbook_17_g4mp9_g4_retail_systemproone_600_g4_21.5-inch_touch_all-in-one_business_pcelitebook_840_g5_firmwarezbook_15_g4zbook_14u_g6prodesk_400_g4_small_form_factor_pchp_z1_entry_tower_g5zhan_66_pro_15_g2_firmwareprodesk_600_g5_small_form_factor_pcprodesk_600_g4_desktop_mini_pc_firmwareelitebook_1040_g4elitedesk_800_35w_g4_desktop_mini_pc_firmwareelitedesk_800_95w_g4_desktop_mini_pc_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_pcprobook_x360_11_g2_ee_firmwareelitebook_735_g6_firmwareprodesk_400_g4_small_form_factor_pc_firmwareelitebook_x360_1030_g4_firmwareprobook_470_g4_firmwareprobook_x360_11_g3_ee_firmwarezhan_66_pro_13_g2hp_z2_mini_g5hp_mt21_mobile_thin_client_firmwareelitebook_755_g5_firmwarezbook_17_g6hp_z2_tower_g5engage_flex_pro_retail_systemelitedesk_705_g4_workstationhp_mt21_mobile_thin_clientelite_sliceelitebook_x360_1030_g3_firmwarehp_z2_mini_g4_firmwareprobook_640_g3probook_445r_g6_firmwareelitedesk_705_g4_desktop_mini_pc_firmwareprodesk_400_g6_small_form_factor_pcelitebook_846_g5_firmwareprodesk_600_g5_desktop_mini_pcelitedesk_800_g4_tower_pcprodesk_600_g3_microtower_pcelitebook_735_g5proone_400_g5_23.8-inch_all-in-one_business_pcprobook_640_g4_firmwareprobook_655_g3_firmwareprobook_440_g5prodesk_600_g4_microtower_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwarezbook_studio_g5_firmwareelitedesk_880_g3_tower_pcprodesk_680_g3_microtower_pc_firmwareprodesk_600_g3_desktop_mini_pc_firmwareprobook_650_g3probook_640_g5_firmwareelite_slice_g2_firmwareprodesk_400_g6_small_form_factor_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarehp_z240_small_form_factor_firmwareelitebook_828_g4proone_600_g5_21.5-in_all-in-one_business_pc_firmwareelitebook_735_g6probook_455_g4probook_650_g4_firmwareelitebook_830_g6_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwarezbook_studio_x360_g5_firmwareprobook_430_g6_firmwareprodesk_600_g5_microtower_pc_firmwarezbook_17_g6_firmwareprodesk_400_g3_desktop_mini_pc_firmwareprobook_445_g6_firmwareeliteone_800_g4_23.8-in_all-in-one_business_pchp_z1_all-in-one_g3_firmwareelitebook_x360_1030_g2_firmwarezhan_66_pro_14_g2elitedesk_705_g4_desktop_mini_pcpro_x2_612_g2engage_flex_pro_retail_system_firmwareprodesk_400_g5_microtower_pcprodesk_400_g3_desktop_mini_pcprodesk_400_g5_microtower_pc_firmwareprodesk_405_g4_desktop_mini_pc_firmwareengage_flex_pro-c_retail_system_firmwareelitedesk_880_g4_tower_pcproone_440_g5_23.8-in_all-in-one_business_pc_firmwareelitedesk_800_g4_small_form_factor_pc_firmwareelitedesk_800_g4_small_form_factor_pcprobook_640_g3_firmwareprodesk_480_g4_microtower_pcelitebook_745_g6_firmwarezbook_14u_g5probook_430_g4probook_430_g4_firmwareproone_400_g3_20-inch_touch_all-in-one_pcengage_flex_pro-c_retail_systemzbook_14u_g4probook_650_g3_firmwareprobook_470_g5elitedesk_705_g3_microtower_pc_firmwareelitebook_745_g6probook_455_g6_firmwarehp_z2_mini_g4elitedesk_880_g5_tower_pc_firmwareprodesk_480_g6_microtower_pc_firmwareelitebook_x360_1030_g2hp_z2_tower_g4_firmwareelitedesk_705_g5_desktop_mini_pc_firmwareelitedesk_705_g5_small_form_factor_pcelitedesk_800_g5_tower_pcprobook_645_g4_firmwareprodesk_400_g4_desktop_mini_pc_firmwareprodesk_400_g4_microtower_pc_firmwareelitedesk_705_g5_small_form_factor_pc_firmwarezbook_x2_g4_firmwareelitebook_x360_1040_g6probook_455r_g6elite_dragonflyzhan_x_13_g2prodesk_600_g4_desktop_mini_pchp_z1_entry_tower_g5_firmwareeliteone_800_g5_23.8-in_all-in-oneprodesk_600_g5_desktop_mini_pc_firmwareprobook_655_g3probook_650_g5prodesk_600_g5_microtower_pczbook_15u_g6elitebook_x360_1020_g2_firmwarehp_z240_tower_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pchp_z240_towerprobook_450_g4probook_x360_11_g3_eeprobook_445_g6probook_455r_g6_firmwareelitebook_830_g5_firmwareprodesk_680_g4_microtower_pcmp9_g4_retail_system_firmwareprodesk_600_g4_small_form_factor_pcelitebook_836_g6_firmwareelitedesk_800_g4_workstationelitedesk_800_g5_small_form_factor_pc_firmwareengage_go_mobile_systemproone_400_g5_23.8-inch_all-in-one_business_pc_firmwarehp_z2_mini_g3prodesk_400_g6_microtower_pcelitedesk_800_g3_small_form_factor_pchp_z1_all-in-one_g3elitebook_850_g6_firmwareprobook_455_g5elitedesk_705_g3_desktop_mini_pcprobook_645_g3probook_430_g5_firmwarehp_z2_mini_g3_firmwareelitebook_846_g5elite_x2_g4prodesk_400_g5_small_form_factor_pc_firmwareprodesk_480_g4_microtower_pc_firmwareprobook_440_g6elite_slice_firmwareelitebook_745_g4zbook_studio_x360_g5elitedesk_705_g4_small_form_factor_pc_firmwareelitedesk_800_g3_tower_pceliteone_800_g3_23.8_non-touch_all-in-one_business_pcelitebook_745_g5elitedesk_705_g3_microtower_pchp_z2_small_form_factor_g4_firmwarehp_z238_microtower_firmwarezbook_14u_g4_firmwareproone_400_g3_20-inch_non-touch_all-in-one_pcelitebook_840_g4_firmwareprodesk_600_g4_small_form_factor_pc_firmwarezbook_17_g5probook_640_g5zbook_17_g5_firmwareelitebook_850_g5probook_455_g4_firmwarezbook_studio_g4_firmwareelitebook_828_g4_firmwareelitebook_840_g5prodesk_405_g4_small_form_factor_pc_firmwarezbook_15u_g5_firmwareelitebook_x360_1040_g5_firmwareelitebook_725_g4_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pc_firmwareelitebook_x360_1040_g6_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g5_desktop_mini_pczhan_66_pro_g1zbook_15_g6_firmwareprobook_11_ee_g2zbook_15u_g6_firmwareelitedesk_800_65w_g3_desktop_mini_pc_firmwareelitedesk_880_g5_tower_pcelite_x2_1013_g3_firmwareelitedesk_800_95w_g4_desktop_mini_pcproone_400_g5_20-inch_all-in-one_business_pcelitedesk_800_g3_small_form_factor_pc_firmwareprobook_440_g4probook_x360_11_g4_ee_firmwareelitebook_x360_830_g5_firmwareelitedesk_705_g3_small_form_factor_pchp_z2_small_form_factor_g4prodesk_600_g3_small_form_factor_pc_firmwareelitebook_x360_1040_g5elitebook_840_g6zbook_15_g5elitedesk_705_g4_microtower_pczbook_studio_g4prodesk_680_g3_microtower_pcprodesk_680_g4_microtower_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pcelitedesk_800_35w_g4_desktop_mini_pcproone_400_g3_20-inch_non-touch_all-in-one_pc_firmwareelitedesk_800_g5_desktop_mini_pcelite_dragonfly_firmwareelitebook_840_g4zhan_66_pro_14_g2_firmwarezbook_15_g5_firmwareprobook_645_g3_firmwareprodesk_400_g4_desktop_mini_pcprobook_450_g5proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareelitebook_840r_g4_firmwareprobook_470_g4prodesk_600_g3_small_form_factor_pcelitedesk_880_g4_tower_pc_firmwareelitebook_725_g4elitedesk_800_g5_desktop_mini_pc_firmwareelitebook_735_g5_firmwareelite_x2_1012_g2elitebook_840_g6_firmwareelitedesk_705_g3_desktop_mini_pc_firmwareelitebook_840r_g4elitebook_836_g5_firmwareengage_one_aio_systemprobook_440_g4_firmwareprobook_x360_11_g4_eezhan_x_13_g2_firmwareprobook_455_g5_firmwareelite_x2_1013_g3prodesk_400_g5_desktop_mini_pcprodesk_600_g4_microtower_pc_firmwarezhan_66_pro_g1_firmwareelitebook_1050_g1prodesk_600_g3_microtower_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pcelitebook_x360_830_g6_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_business_pcelitebook_850_g4_firmwareprobook_430_g6prodesk_400_g6_microtower_pc_firmwarehp_mt45_mobile_thin_client_firmwareprodesk_405_g4_small_form_factor_pchp_z2_small_form_factor_g5_firmwareeliteone_1000_g1_23.8-in_all-in-one_business_pcprodesk_480_g5_microtower_pcprobook_450_g4_firmwareelitebook_850_g6elitedesk_800_35w_g3_desktop_mini_pceliteone_800_g4_23.8-in_all-in-one_business_pc_firmwareprodesk_480_g6_microtower_pcprobook_11_ee_g2_firmwareelitebook_820_g4_firmwareelitedesk_800_g3_tower_pc_firmwareelitebook_820_g4elitebook_836_g6elitebook_x360_830_g5zbook_14u_g6_firmwareprobook_645_g4probook_x360_440_g1_firmwareelitedesk_800_g4_tower_pc_firmwareelitebook_x360_1030_g3hp_z2_tower_g4elitebook_836_g5prodesk_400_g5_desktop_mini_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pc_firmwareprodesk_400_g5_small_form_factor_pchp_z240_small_form_factorprobook_x360_440_g1proone_400_g3_20-inch_touch_all-in-one_pc_firmwarehp_z2_mini_g5_firmwarehp_z2_tower_g5_firmwareelitebook_850_g5_firmwareelitebook_1040_g4_firmwarehp_mt44_mobile_thin_clientelitedesk_880_g3_tower_pc_firmwareproone_600_g5_21.5-in_all-in-one_business_pczbook_14u_g5_firmwareelitebook_755_g5probook_445r_g6elitedesk_800_g5_tower_pc_firmwareelitebook_x360_830_g6probook_440_g5_firmwarehp_z238_microtowerelitebook_830_g6zbook_15_g4_firmwareelitebook_x360_1030_g4proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmwareelitebook_848_g4_firmwareprobook_x360_11_g2_eezhan_66_pro_15_g2probook_650_g5_firmwareelitebook_745_g5_firmwareprobook_450_g6elitedesk_705_g4_small_form_factor_pcengage_go_mobile_system_firmwareproone_440_g5_23.8-in_all-in-one_business_pcprobook_440_g6_firmwareelitebook_850_g4hp_mt31_mobile_thin_client_firmwareelitebook_745_g4_firmwareeliteone_800_g3_23.8_non-touch_all-in-one_business_pc_firmwareelitedesk_705_g4_workstation_firmwareelitedesk_800_35w_g3_desktop_mini_pc_firmwarezbook_x2_g4elitebook_755_g4_firmwarezbook_15_g6elitedesk_705_g3_small_form_factor_pc_firmwareprodesk_600_g3_desktop_mini_pczbook_studio_g5elite_x2_1012_g2_firmwareprobook_470_g5_firmwareprobook_650_g4elitebook_848_g4engage_one_aio_system_firmwareprobook_640_g4prodesk_400_g4_microtower_pcelitedesk_705_g4_microtower_pc_firmwareprodesk_600_g5_small_form_factor_pc_firmwareprobook_430_g5engage_go_10_mobile_systemelitedesk_800_g5_small_form_factor_pcprobook_455_g6engage_go_10_mobile_system_firmwarehp_z2_small_form_factor_g5zbook_15u_g4_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pchp_mt45_mobile_thin_clientzbook_17_g4_firmwareprodesk_405_g4_desktop_mini_pchp_mt44_mobile_thin_client_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcpro_x2_612_g2_firmwareelitedesk_800_g4_workstation_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwarehp_mt31_mobile_thin_clientelitebook_x360_1020_g2probook_450_g5_firmwareelitebook_1050_g1_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwarezbook_15u_g5elitedesk_800_65w_g3_desktop_mini_pceliteone_800_g5_23.8-in_all-in-one_firmwarezbook_15u_g4elite_x2_g4_firmwareelitebook_830_g5prodesk_480_g5_microtower_pc_firmwareelite_slice_g2elitebook_755_g4HP PC BIOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-69875
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.00%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-11 Feb, 2026 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation.

Action-Not Available
Vendor-quickhealn/a
Product-total_securityn/a
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-281
Improper Preservation of Permissions
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2017-12728
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.30%
||
7 Day CHG~0.00%
Published-04 Oct, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.

Action-Not Available
Vendor-spidercontroln/a
Product-scada_webserverSpiderControl SCADA Web Server
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36927
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:12
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability

Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_8.1windows_rt_8.1windows_7windows_server_2008Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server 2012 R2 (Server Core installation)Windows 7 Service Pack 1
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-5291
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-0.19% / 40.78%
||
7 Day CHG~0.00%
Published-31 Mar, 2020 | 18:00
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in setuid mode via user namespaces in Bubblewrap

Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update.

Action-Not Available
Vendor-projectatomiccentosarchlinuxcontainersDebian GNU/Linux
Product-bubblewrapdebian_linuxcentosarch_linuxbubblewrap
CWE ID-CWE-648
Incorrect Use of Privileged APIs
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36964
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.85%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-67792
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.02% / 2.95%
||
7 Day CHG~0.00%
Published-17 Dec, 2025 | 00:00
Updated-18 Dec, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers.

Action-Not Available
Vendor-drivelockn/a
Product-drivelockn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36975
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.98%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36966
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.88%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Subsystem for Linux Elevation of Privilege Vulnerability

Windows Subsystem for Linux Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36968
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.36%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Elevation of Privilege Vulnerability

Windows DNS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows 7Windows 7 Service Pack 1
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36957
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.36%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-18 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Desktop Bridge Elevation of Privilege Vulnerability

Windows Desktop Bridge Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36974
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.82%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Elevation of Privilege Vulnerability

Windows SMB Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36954
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.88%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bind Filter Driver Elevation of Privilege Vulnerability

Windows Bind Filter Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 14
  • 15
  • Next
Details not found