Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-6793 Improper Privilege Management vulnerability in Paloaltonetworks Pan-Os
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
network
low complexity
paloaltonetworks CWE-269
2.7
2023-12-12 CVE-2023-41119 Improper Privilege Management vulnerability in Enterprisedb Postgres Advanced Server
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0.
network
low complexity
enterprisedb CWE-269
8.8
2023-12-12 CVE-2023-50424 Improper Privilege Management vulnerability in SAP Cloud-Security-Client-Go
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges.
network
low complexity
sap CWE-269
critical
9.8
2023-12-12 CVE-2023-49583 Improper Privilege Management vulnerability in SAP @Sap/XSSec
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges.
network
low complexity
sap CWE-269
critical
9.8
2023-12-12 CVE-2023-50422 Improper Privilege Management vulnerability in SAP Cloud-Security-Services-Integration-Library
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges.
network
low complexity
sap CWE-269
critical
9.8
2023-12-12 CVE-2023-50423 Improper Privilege Management vulnerability in SAP Sap-XSSec
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges.
network
low complexity
sap CWE-269
critical
9.8
2023-12-05 CVE-2023-45083 Improper Privilege Management vulnerability in Softiron Hypercloud
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1.
local
low complexity
softiron CWE-269
4.4
2023-12-01 CVE-2023-45253 Improper Privilege Management vulnerability in Huddly Huddlycameraservices
An issue discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via the RollingFileAppender.DeleteFile method performed by the log4net library.
local
low complexity
huddly CWE-269
7.8
2023-11-29 CVE-2023-6218 Improper Privilege Management vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member's permissions to the role of an organization administrator.
network
low complexity
progress CWE-269
7.2
2023-11-28 CVE-2023-29066 Improper Privilege Management vulnerability in BD Facschorus
The FACSChorus software does not properly assign data access privileges for operating system user accounts.
low complexity
bd CWE-269
3.5