Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-10 | CVE-2018-12596 | Improper Privilege Management vulnerability in Episerver Ektron CMS 9.00/9.10/9.20 Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins). | 9.8 |
| 2018-10-10 | CVE-2018-13802 | Improper Privilege Management vulnerability in Siemens ROX II Firmware A vulnerability has been identified in ROX II (All versions < V2.12.1). | 7.2 |
| 2018-10-10 | CVE-2018-13801 | Improper Privilege Management vulnerability in Siemens ROX II Firmware A vulnerability has been identified in ROX II (All versions < V2.12.1). | 8.8 |
| 2018-10-09 | CVE-2018-17855 | Improper Privilege Management vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.8.13. | 8.8 |
| 2018-10-05 | CVE-2018-0438 | Improper Privilege Management vulnerability in Cisco Umbrella Enterprise Roaming Client A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. | 7.8 |
| 2018-10-05 | CVE-2018-0437 | Improper Privilege Management vulnerability in Cisco products A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. | 7.8 |
| 2018-10-05 | CVE-2018-0436 | Improper Privilege Management vulnerability in Cisco Webex Teams A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. | 8.7 |
| 2018-10-05 | CVE-2018-0425 | Improper Privilege Management vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. | 9.8 |
| 2018-10-04 | CVE-2018-0503 | Improper Privilege Management vulnerability in multiple products Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | 4.3 |
| 2018-10-01 | CVE-2018-14808 | Improper Privilege Management vulnerability in Emerson AMS Device Manager Emerson AMS Device Manager v12.0 to v13.5. | 6.5 |