CWE-269

2,778 CVEs • Abstraction: Class • Likelihood of Exploit: Medium

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.


CVEs (2,778)

Vendors (1): Microsoft
Products (4): Windows 10, Windows Server 2016, Windows Server 2019, +1 more
Updated: May 29, 2025; Published: Aug 9, 2022
CVSS: v4 N/A; v3 7.8 HIGH; v2 N/A
Storage Spaces Direct Elevation of Privilege Vulnerability

Vendors (1): Microsoft
Products (5): Windows 10, Windows 11, Windows Server 2016, +2 more
Updated: May 29, 2025; Published: Aug 9, 2022
CVSS: v4 N/A; v3 7.8 HIGH; v2 N/A
Windows Kernel Elevation of Privilege Vulnerability

Vendors (1): Microsoft
Products (10): Windows 10, Windows 11, Windows 7, +7 more
Updated: Jun 4, 2025; Published: Aug 9, 2022
CVSS: v4 N/A; v3 7.8 HIGH; v2 N/A
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Vendors (1): Microsoft
Products (5): Windows 10, Windows 11, Windows Server 2016, +2 more
Updated: Jun 4, 2025; Published: Aug 9, 2022
CVSS: v4 N/A; v3 7.8 HIGH; v2 N/A
Windows Partition Management Driver Elevation of Privilege Vulnerability

Vendors (1): Microsoft
Products (5): Windows 10, Windows 11, Windows Server 2016, +2 more
Updated: Jun 5, 2025; Published: Aug 9, 2022
CVSS: v4 N/A; v3 7.8 HIGH; v2 N/A
Windows Win32k Elevation of Privilege Vulnerability

Vendors (1): Microsoft
Products (10): Windows 10, Windows 11, Windows 7, +7 more
Updated: Jun 5, 2025; Published: Aug 9, 2022
CVSS: v4 N/A; v3 8.8 HIGH; v2 N/A
Active Directory Domain Services Elevation of Privilege Vulnerability

Vendors (1): Microsoft
Products (1): Azure Batch
Updated: Jun 5, 2025; Published: Aug 9, 2022
CVSS: v4 N/A; v3 7.0 HIGH; v2 N/A
Azure Batch Node Agent Elevation of Privilege Vulnerability

Vendors (1): Microsoft
Products (2): Open Management Infrastructure, System Center Operations Manager
Updated: Jun 5, 2025; Published: Aug 9, 2022
CVSS: v4 N/A; v3 7.8 HIGH; v2 N/A
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Vendors (1): Samsung
Products (1): Gameoptimizingservice
Updated: Nov 21, 2024; Published: Aug 5, 2022
CVSS: v4 N/A; v3 7.8 HIGH; v2 N/A
Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name.

Vendors (1): Gitlab
Products (1): Gitlab
Updated: Nov 21, 2024; Published: Aug 5, 2022
CVSS: v4 N/A; v3 7.5 HIGH; v2 N/A
An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.

Vendors (1): F5
Products (11): Big Ip Access Policy Manager, Big Ip Advanced Firewall Manager, Big Ip Analytics, +8 more
Updated: Nov 21, 2024; Published: Aug 4, 2022
CVSS: v4 N/A; v3 9.1 CRITICAL; v2 N/A
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendors (1): F5
Products (11): Big Ip Access Policy Manager, Big Ip Advanced Firewall Manager, Big Ip Analytics, +8 more
Updated: Nov 21, 2024; Published: Aug 4, 2022
CVSS: v4 N/A; v3 6.7 MEDIUM; v2 N/A
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendors (1): Friendsofflarum
Products (1): Byobu
Updated: Nov 21, 2024; Published: Aug 1, 2022
CVSS: v4 N/A; v3 4.3 MEDIUM; v2 N/A
fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum's users and choose to disable the extension if needed. There are no workarounds for this issue.

Vendors (1): Simple Membership Plugin
Products (1): Simple Membership
Updated: Nov 21, 2024; Published: Aug 1, 2022
CVSS: v4 N/A; v3 9.8 CRITICAL; v2 N/A
The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.

Vendors (1): Simple Membership Plugin
Products (1): Simple Membership
Updated: Nov 21, 2024; Published: Aug 1, 2022
CVSS: v4 N/A; v3 8.8 HIGH; v2 N/A
The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.

Vendors (1): Ibm
Products (1): Robotic Process Automation
Updated: Nov 21, 2024; Published: Aug 1, 2022
CVSS: v4 N/A; v3 6.5 MEDIUM; v2 N/A
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962.

Vendors (1): Sap
Products (1): Successfactors Mobile
Updated: Nov 21, 2024; Published: Jul 27, 2022
CVSS: v4 N/A; v3 8.1 HIGH; v2 N/A
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments, thus compromising the confidentiality and integrity of the application.

Vendors (1): Cisco
Products (1): Nexus Dashboard
Updated: Nov 21, 2024; Published: Jul 22, 2022
CVSS: v4 N/A; v3 6.7 MEDIUM; v2 N/A
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.

Vendors (1): Cisco
Products (1): Nexus Dashboard
Updated: Nov 21, 2024; Published: Jul 22, 2022
CVSS: v4 N/A; v3 6.7 MEDIUM; v2 N/A
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.

Vendors (1): Fortinet
Products (1): Forticlient
Updated: Nov 21, 2024; Published: Jul 19, 2022
CVSS: v4 N/A; v3 7.1 HIGH; v2 N/A
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.