Vulnerabilities > Improper Privilege Management

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-05-03 | CVE-2022-20759 | Improper Privilege Management vulnerability in Cisco Firepower Threat Defense | A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. | network; low complexity; cisco CWE-269; 8.8 |
| 2022-05-02 | CVE-2021-36784 | Improper Privilege Management vulnerability in Suse Rancher | An Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. | network; low complexity; suse CWE-269; 6.5 |
| 2022-05-02 | CVE-2021-4200 | Improper Privilege Management vulnerability in Suse Rancher | An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when the restricted-admin role is enabled. | network; low complexity; suse CWE-269; 5.4 |
| 2022-04-29 | CVE-2021-36207 | Improper Privilege Management vulnerability in Johnsoncontrols products | Under certain circumstances, improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. | 8.5 |
| 2022-04-29 | CVE-2022-1227 | Improper Privilege Management vulnerability in multiple products | A privilege escalation flaw was found in Podman. | 8.8 |
| 2022-04-22 | CVE-2022-1107 | Improper Privilege Management vulnerability in Lenovo products | During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models; it could be exploited by an attacker with elevated privileges and could allow for execution of code. | local; low complexity; lenovo CWE-269; 7.2 |
| 2022-04-22 | CVE-2022-1108 | Improper Privilege Management vulnerability in Lenovo Thinkpad X1 Fold GEN 1 Firmware | A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. | local; low complexity; lenovo CWE-269; 7.2 |
| 2022-04-19 | CVE-2021-3100 | Improper Privilege Management vulnerability in Amazon Log4Jhotpatch | The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges. | local; low complexity; amazon CWE-269; 8.8 |
| 2022-04-19 | CVE-2021-3101 | Improper Privilege Management vulnerability in Hotdog Project Hotdog | Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. | local; low complexity; hotdog-project CWE-269; 8.8 |
| 2022-04-19 | CVE-2022-0070 | Improper Privilege Management vulnerability in Amazon Log4Jhotpatch | Incomplete fix for CVE-2021-3100. | local; low complexity; amazon CWE-269; 8.8 |