Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-18 | CVE-2013-3323 | Improper Privilege Management vulnerability in IBM products A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | 9.8 |
2020-02-14 | CVE-2019-6195 | Improper Privilege Management vulnerability in Lenovo Xclarity Controller An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. | 4.8 |
2020-02-13 | CVE-2014-4170 | Improper Privilege Management vulnerability in Freereprintables Articlefr 3.0.4 A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. | 9.8 |
2020-02-11 | CVE-2020-0686 | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-07 | CVE-2020-8655 | Improper Privilege Management vulnerability in Eyesofnetwork 5.30 An issue was discovered in EyesOfNetwork 5.3. | 7.8 |
2020-02-06 | CVE-2015-2909 | Improper Privilege Management vulnerability in Netvu products Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. | 9.8 |
2020-02-06 | CVE-2016-9928 | Improper Privilege Management vulnerability in multiple products MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | 7.4 |
2020-02-04 | CVE-2015-3613 | Improper Privilege Management vulnerability in Fortinet Fortimanager A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | 9.8 |
2020-02-03 | CVE-2020-5182 | Improper Privilege Management vulnerability in Cmsjunkie J-Businessdirectory The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. | 6.5 |
2020-01-30 | CVE-2015-0949 | Improper Privilege Management vulnerability in multiple products The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. | 7.8 |