Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-29 | CVE-2019-11891 | Improper Privilege Management vulnerability in Bosch Smart Home Controller Firmware A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. | 8.0 |
| 2019-05-28 | CVE-2019-7394 | Improper Privilege Management vulnerability in CA Risk Authentication and Strong Authentication A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. | 8.8 |
| 2019-05-16 | CVE-2019-1000 | Improper Privilege Management vulnerability in Microsoft Azure Active Directory Connect An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the Azure AD Connect server, aka 'Microsoft Azure AD Connect Elevation of Privilege Vulnerability'. | 5.3 |
| 2019-05-14 | CVE-2019-0301 | Improper Privilege Management vulnerability in SAP Identity Management 2.0 Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing. | 8.8 |
| 2019-05-13 | CVE-2019-11888 | Improper Privilege Management vulnerability in Golang GO Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges. | 9.8 |
| 2019-05-03 | CVE-2019-6617 | Improper Privilege Management vulnerability in F5 products On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. | 6.5 |
| 2019-05-03 | CVE-2019-3805 | Improper Privilege Management vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. | 4.7 |
| 2019-05-01 | CVE-2019-11632 | Improper Privilege Management vulnerability in Octopus Deploy and Octopus Server In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. | 8.1 |
| 2019-04-30 | CVE-2018-15207 | Improper Privilege Management vulnerability in Bpcbt Smartvista 2 BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin. | 7.2 |
| 2019-04-29 | CVE-2019-4047 | Improper Privilege Management vulnerability in IBM Jazz Reporting Service 6.0.6 IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. | 4.3 |