Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-6992 | Improper Privilege Management vulnerability in GE Cimplicity A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. | 6.7 |
| 2020-04-15 | CVE-2020-1014 | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. | 7.8 |
| 2020-04-15 | CVE-2020-0935 | Improper Privilege Management vulnerability in Microsoft Onedrive An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. | 5.5 |
| 2020-04-15 | CVE-2020-7255 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. | 4.4 |
| 2020-04-15 | CVE-2020-7274 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | 7.8 |
| 2020-04-15 | CVE-2020-7273 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters. | 5.5 |
| 2020-04-15 | CVE-2020-7259 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | 7.8 |
| 2020-04-15 | CVE-2020-7257 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. | 6.3 |
| 2020-04-14 | CVE-2020-8327 | Improper Privilege Management vulnerability in Lenovo Vantage 10.2001.12.0/4.0.49.0 A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges. | 7.8 |
| 2020-04-14 | CVE-2020-6236 | Improper Privilege Management vulnerability in SAP Adaptive Extensions and Landscape Management SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. | 7.2 |