Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2017-06-12 CVE-2017-9324 Improper Privilege Management vulnerability in multiple products
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access.
network | low complexity | otrs debian CWE-269 | 8.8

2017-06-07 CVE-2017-7312 Improper Privilege Management vulnerability in Personifycorp Personify360 7.5.2/7.6/7.6.1
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1.
network | low complexity | personifycorp CWE-269 | critical | 9.8

2017-06-06 CVE-2016-2192 Improper Privilege Management vulnerability in Pl/Java Project Pl/Java
PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own.
network | low complexity | pl-java-project CWE-269 | 6.5

2017-06-06 CVE-2016-0767 Improper Privilege Management vulnerability in Pl/Java Project Pl/Java
PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.
network | low complexity | pl-java-project CWE-269 | 6.5

2017-06-05 CVE-2017-8438 Improper Privilege Management vulnerability in Elastic X-Pack
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality.
network | low complexity | elastic CWE-269 | 8.8

2017-05-26 CVE-2017-7505 Improper Privilege Management vulnerability in Theforeman Foreman
Foreman since version 1.5 is vulnerable to an incorrect authorization check, due to which users with user management permission who are assigned to some organization(s) can perform all operations granted by these permissions on all administrator user objects outside of their scope, such as editing global admin accounts, including changing their passwords.
network | low complexity | theforeman CWE-269 | 8.8

2017-05-18 CVE-2017-6623 Improper Privilege Management vulnerability in Cisco Policy Suite 10.0.0/10.1.0/11.0.0
A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root.
local | low complexity | cisco CWE-269 | 7.8

2017-05-15 CVE-2017-7489 Improper Privilege Management vulnerability in Moodle
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
network | low complexity | moodle CWE-269 | 6.3

2017-05-08 CVE-2017-4982 Improper Privilege Management vulnerability in EMC Mainframe Enablers Resourcepak Base 7.6.0/8.0.0/8.1.0
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contain a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network | low complexity | emc CWE-269 | critical | 9.8

2017-04-29 CVE-2017-8114 Improper Privilege Management vulnerability in Roundcube Webmail
Roundcube Webmail allows arbitrary password resets by authenticated users.
network | low complexity | roundcube CWE-269 | 8.8