Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-14 | CVE-2023-26062 | Improper Privilege Management vulnerability in Nokia web Element Manager 21B. A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. | 7.8 |
2023-06-07 | CVE-2019-25151 | Improper Privilege Management vulnerability in Cartflows. The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. | 4.3 |
2023-06-06 | CVE-2023-2833 | Improper Privilege Management vulnerability in Wpdeveloper Reviewx. The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. | 8.8 |
2023-06-05 | CVE-2023-3027 | Improper Privilege Management vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.5/2.6/2.7. The grc-policy-propagator allows security escalation within the cluster. | 7.8 |
2023-06-01 | CVE-2023-32713 | Improper Privilege Management vulnerability in Splunk APP for Stream. In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user. | 9.9 |
2023-05-30 | CVE-2023-29734 | Improper Privilege Management vulnerability in MWM Edjing MIX 7.09.01. An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database. | 9.8 |
2023-05-30 | CVE-2023-32696 | Improper Privilege Management vulnerability in Okfn Ckan. CKAN is an open-source data management system for powering data hubs and data portals. | 8.8 |
2023-05-30 | CVE-2023-30601 | Improper Privilege Management vulnerability in Apache Cassandra. Privilege escalation when enabling FQL/Audit logs allows a user with JMX access to run arbitrary commands as the user running Apache Cassandra. This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND: The vulnerability requires nodetool/JMX access to be exploitable; disable access for any non-trusted users. MITIGATION: Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false. | 7.8 |
2023-05-22 | CVE-2023-31062 | Improper Privilege Management vulnerability in Apache Inlong. Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it. | 9.8 |
2023-05-20 | CVE-2023-1693 | Improper Privilege Management vulnerability in Huawei Emui and Harmonyos. The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 |