Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-20 | CVE-2020-6968 | Improper Privilege Management vulnerability in Honeywell Inncom Inncontrol Firmware 3.0/3.21 Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. | 7.8 |
| 2020-02-19 | CVE-2020-3112 | Improper Privilege Management vulnerability in Cisco Data Center Network Manager A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. | 8.8 |
| 2020-02-18 | CVE-2013-6295 | Improper Privilege Management vulnerability in Prestashop 1.5.5.0 PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | 9.8 |
| 2020-02-18 | CVE-2013-3323 | Improper Privilege Management vulnerability in IBM products A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | 9.8 |
| 2020-02-14 | CVE-2019-6195 | Improper Privilege Management vulnerability in Lenovo Xclarity Controller An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. | 4.8 |
| 2020-02-13 | CVE-2014-4170 | Improper Privilege Management vulnerability in Freereprintables Articlefr 3.0.4 A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. | 9.8 |
| 2020-02-11 | CVE-2020-0686 | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
| 2020-02-07 | CVE-2020-8655 | Improper Privilege Management vulnerability in Eyesofnetwork 5.30 An issue was discovered in EyesOfNetwork 5.3. | 7.8 |
| 2020-02-06 | CVE-2015-2909 | Improper Privilege Management vulnerability in Netvu products Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. | 9.8 |
| 2020-02-06 | CVE-2016-9928 | Improper Privilege Management vulnerability in multiple products MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | 7.4 |