Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-14 | CVE-2019-0301 | Improper Privilege Management vulnerability in SAP Identity Management 2.0 Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing. | 8.8 |
| 2019-05-13 | CVE-2019-11888 | Improper Privilege Management vulnerability in Golang GO Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges. | 9.8 |
| 2019-05-03 | CVE-2019-6617 | Improper Privilege Management vulnerability in F5 products On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. | 6.5 |
| 2019-05-03 | CVE-2019-3805 | Improper Privilege Management vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. | 4.7 |
| 2019-05-01 | CVE-2019-11632 | Improper Privilege Management vulnerability in Octopus Deploy and Octopus Server In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. | 8.1 |
| 2019-04-30 | CVE-2018-15207 | Improper Privilege Management vulnerability in Bpcbt Smartvista 2 BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin. | 7.2 |
| 2019-04-29 | CVE-2019-4047 | Improper Privilege Management vulnerability in IBM Jazz Reporting Service 6.0.6 IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. | 4.3 |
| 2019-04-26 | CVE-2019-3843 | Improper Privilege Management vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. | 7.8 |
| 2019-04-25 | CVE-2019-4222 | Improper Privilege Management vulnerability in IBM Sterling B2B Integrator 6.0.0.0/6.0.0.1 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. | 4.3 |
| 2019-04-24 | CVE-2019-3789 | Improper Privilege Management vulnerability in Cloudfoundry Routing Release Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. | 6.5 |