Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-13 | CVE-2017-4992 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. | 9.8 |
2017-06-13 | CVE-2017-4991 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. | 7.2 |
2017-06-13 | CVE-2017-4973 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. | 8.8 |
2017-06-13 | CVE-2016-8219 | Improper Privilege Management vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. | 6.5 |
2017-06-12 | CVE-2017-9324 | Improper Privilege Management vulnerability in multiple products In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. | 8.8 |
2017-06-07 | CVE-2017-7312 | Improper Privilege Management vulnerability in Personifycorp Personify360 7.5.2/7.6/7.6.1 An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. | 9.8 |
2017-06-06 | CVE-2016-2192 | Improper Privilege Management vulnerability in Pl/Java Project Pl/Java PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own. | 6.5 |
2017-06-06 | CVE-2016-0767 | Improper Privilege Management vulnerability in Pl/Java Project Pl/Java PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath. | 6.5 |
2017-06-05 | CVE-2017-8438 | Improper Privilege Management vulnerability in Elastic X-Pack Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. | 8.8 |
2017-05-26 | CVE-2017-7505 | Improper Privilege Management vulnerability in Theforeman Foreman Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords. | 8.8 |