Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2018-10-10 CVE-2018-12596 Improper Privilege Management vulnerability in Episerver Ektron CMS 9.00/9.10/9.20
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).
network
low complexity
episerver CWE-269
critical
9.8
2018-10-10 CVE-2018-13802 Improper Privilege Management vulnerability in Siemens ROX II Firmware
A vulnerability has been identified in ROX II (All versions < V2.12.1).
network
low complexity
siemens CWE-269
7.2
2018-10-10 CVE-2018-13801 Improper Privilege Management vulnerability in Siemens ROX II Firmware
A vulnerability has been identified in ROX II (All versions < V2.12.1).
network
low complexity
siemens CWE-269
8.8
2018-10-09 CVE-2018-17855 Improper Privilege Management vulnerability in Joomla Joomla!
An issue was discovered in Joomla! before 3.8.13.
network
low complexity
joomla CWE-269
8.8
2018-10-05 CVE-2018-0438 Improper Privilege Management vulnerability in Cisco Umbrella Enterprise Roaming Client
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator.
local
low complexity
cisco CWE-269
7.8
2018-10-05 CVE-2018-0437 Improper Privilege Management vulnerability in Cisco products
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator.
local
low complexity
cisco CWE-269
7.8
2018-10-05 CVE-2018-0436 Improper Privilege Management vulnerability in Cisco Webex Teams
A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization.
network
low complexity
cisco CWE-269
8.7
2018-10-05 CVE-2018-0425 Improper Privilege Management vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information.
network
low complexity
cisco CWE-269
critical
9.8
2018-10-04 CVE-2018-0503 Improper Privilege Management vulnerability in multiple products
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
network
low complexity
mediawiki debian CWE-269
4.3
2018-10-01 CVE-2018-14808 Improper Privilege Management vulnerability in Emerson AMS Device Manager
Emerson AMS Device Manager v12.0 to v13.5.
network
low complexity
emerson CWE-269
6.5