Vulnerabilities > Improper Privilege Management

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-04-30 | CVE-2018-15207 | Improper Privilege Management vulnerability in Bpcbt Smartvista 2 | BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin. | network | low | bpcbt | CWE-269 | 7.2 |
| 2019-04-29 | CVE-2019-4047 | Improper Privilege Management vulnerability in IBM Jazz Reporting Service 6.0.6 | IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. | network | low | ibm | CWE-269 | 4.3 |
| 2019-04-26 | CVE-2019-3843 | Improper Privilege Management vulnerability in multiple products | It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. | | | | | 7.8 |
| 2019-04-25 | CVE-2019-4222 | Improper Privilege Management vulnerability in IBM Sterling B2B Integrator 6.0.0.0/6.0.0.1 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. | network | low | ibm | CWE-269 | 4.3 |
| 2019-04-24 | CVE-2019-3789 | Improper Privilege Management vulnerability in Cloudfoundry Routing Release | Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. | network | low | cloudfoundry | CWE-269 | 6.5 |
| 2019-04-16 | CVE-2019-7155 | Improper Privilege Management vulnerability in Gitlab | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. | network | low | gitlab | CWE-269 | 6.5 |
| 2019-04-15 | CVE-2018-4008 | Improper Privilege Management vulnerability in Shimovpn Shimo VPN 4.1.5.1 | An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. | local | low | shimovpn | CWE-269 | 7.8 |
| 2019-04-11 | CVE-2019-6525 | Improper Privilege Management vulnerability in Aveva Wonderware System Platform 2014/2017 | AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. | network | low | aveva | CWE-269 | 8.8 |
| 2019-04-10 | CVE-2019-6287 | Improper Privilege Management vulnerability in Suse Rancher | In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. | network | low | suse | CWE-269 | 8.1 |
| 2019-04-09 | CVE-2019-0735 | Improper Privilege Management vulnerability in Microsoft products | An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerability'. | local | low | microsoft | CWE-269 | 7.8 |