The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,838 vulnerabilities with CWE-269
CVE-2017-14312 (HIGH, CVSS 7.8): Nagios Core <4.3.4 - Privilege Escalation
CVE-2017-12422 (MEDIUM, CVSS 6.5): NetApp StorageGRID Webscale <10.2.2.3-10.4.0.2 - Privilege Escalation
CVE-2017-13707 (CRITICAL, CVSS 9.8): Replibit < 2017.08.04 - Privilege Escalation via Sudo vi Access
CVE-2017-8446 (MEDIUM, CVSS 5.3): Elastic X-Pack Reporting < 5.5.2 and < 2.4.6 - Privilege Escalation via Reporting User Impersonation
CVE-2017-6767 (HIGH, CVSS 7.1): Cisco Application Policy Infrastructure Controller - Authenticated Privilege Escalation via SSH Login
CVE-2017-9662 (MEDIUM, CVSS 5.3): Fuji Electric Monitouch V-SFT <5.4.43.0 - Privilege Escalation
CVE-2017-10142 (MEDIUM, CVSS 5.4): Oracle Hospitality Reporting and Analytics 8.5.1 and 9.0.0 - Authenticated Improper Privilege Management
CVE-2017-10104 (HIGH, CVSS 7.4): Oracle Java Advanced Management Console 2.6 - Improper Privilege Management via HTTP
CVE-2017-10103 (MEDIUM, CVSS 6.5): Oracle FLEXCUBE Private Banking <12.0.1 - Unauthorized Access
CVE-2017-10098 (MEDIUM, CVSS 5.4): Oracle FLEXCUBE Universal Banking <12.3.0 - RCE
CVE-2017-10094 (MEDIUM, CVSS 5.4): Oracle Agile PLM 9.3.5-9.3.6 - Improper Privilege Management
CVE-2017-10046 (MEDIUM, CVSS 5.4): Oracle Primavera P6 <16.1 - Info Disclosure
CVE-2017-10000 (HIGH, CVSS 7.7): Oracle Hospitality Reporting and Analytics 8.5.1 and 9.0.0 - Denial of Service via HTTP
CVE-2017-9940 (HIGH, CVSS 8.1): Siemens SiPass integrated < V2.70 - Authenticated Arbitrary File Read and Write
CVE-2017-7916 (MEDIUM, CVSS 6.5): ABB VSN300 WiFi Logger Card <=1.8.15 & VSN300 for React <=2.1.3 - Unauthenticated Privilege Escalation
CVE-2017-11438 (MEDIUM, CVSS 6.3): GitLab CE and EE < 9.0.11, 9.1.8, 9.2.8 - Authenticated Privilege Escalation via Group Creation
CVE-2017-11747 (MEDIUM, CVSS 5.5): Tinyproxy <1.8.4 - Local Privilege Escalation
CVE-2017-11681 (HIGH, CVSS 8.8): Hashtopussy 0.4.0 - Privilege Escalation
CVE-2017-11467 (CRITICAL, CVSS 9.8): OrientDB < 2.2.22 - Remote Code Execution via Unprivileged Query Operations
CVE-2017-7532 (MEDIUM, CVSS 6.5): Moodle 3.3.0 - Improper Privilege Management
CVE-2017-11361 (HIGH, CVSS 8.8): Inteno Router Firmware - Improper Privilege Management via JUCI ACL Misconfiguration
CVE-2017-1000003 (CRITICAL, CVSS 9.8): ATutor <2.2.1 - Privilege Escalation
CVE-2017-8032 (MEDIUM, CVSS 6.6): Cloud Foundry UAA < v4.4.0 - Privilege Escalation via External Provider Permission Mapping
CVE-2017-6732 (MEDIUM, CVSS 6.7): Cisco Prime Network Software - Privilege Escalation
CVE-2017-6728 (HIGH, CVSS 7.0): Cisco IOS XR - Authenticated Privilege Escalation via CLI Incorrect Permissions
Details
Vulnerabilities: 2,838
Exploit Likelihood: Medium