Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-31 | CVE-2018-15321 | Improper Privilege Management vulnerability in F5 products When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. | 4.9 |
| 2018-10-23 | CVE-2018-14828 | Improper Privilege Management vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | 7.8 |
| 2018-10-23 | CVE-2018-13400 | Improper Privilege Management vulnerability in Atlassian Jira Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 4.7 |
| 2018-10-15 | CVE-2018-15592 | Improper Privilege Management vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. | 7.8 |
| 2018-10-10 | CVE-2018-12596 | Improper Privilege Management vulnerability in Episerver Ektron CMS 9.00/9.10/9.20 Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins). | 9.8 |
| 2018-10-10 | CVE-2018-13802 | Improper Privilege Management vulnerability in Siemens ROX II Firmware A vulnerability has been identified in ROX II (All versions < V2.12.1). | 7.2 |
| 2018-10-10 | CVE-2018-13801 | Improper Privilege Management vulnerability in Siemens ROX II Firmware A vulnerability has been identified in ROX II (All versions < V2.12.1). | 8.8 |
| 2018-10-09 | CVE-2018-17855 | Improper Privilege Management vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.8.13. | 8.8 |
| 2018-10-05 | CVE-2018-0438 | Improper Privilege Management vulnerability in Cisco Umbrella Enterprise Roaming Client A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. | 7.8 |
| 2018-10-05 | CVE-2018-0437 | Improper Privilege Management vulnerability in Cisco products A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. | 7.8 |