Vulnerabilities (CVE)

CWE filter: CWE-285

111 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-7588 1 Exacq 1 Enterprise System Manager 2019-10-10 6.9
A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running...
CVE-2019-0349 1 Sap 1 Advanced Business Application Programming Platform Kernel 2019-10-10 6.5
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73,...
CVE-2019-6580 2019-10-09 6.5
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance...
CVE-2019-4275 1 Ibm 1 Jazz For Service Management 2019-10-09 2.1
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296.
CVE-2019-3785 2019-10-09 5.5
Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that...
CVE-2019-3734 1 Dell 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment 2019-10-09 4.0
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota...
CVE-2019-3403 1 Atlassian 1 Jira 2019-10-09 5.0
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
CVE-2019-2386 1 Mongodb 1 Mongodb 2019-10-09 6.0
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue...
CVE-2019-1934 1 Cisco 1 Adaptive Security Appliance Software 2019-10-09 6.5
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The...
CVE-2019-1907 1 Cisco 2 Integrated Management Controller Supervisor, Unified Computing System 2019-10-09 6.5
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of...
CVE-2019-1863 1 Cisco 1 Unified Computing System 2019-10-09 9.0
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to...
CVE-2019-1859 2019-10-09 6.5
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists...
CVE-2019-1851 1 Cisco 1 Identity Services Engine 2019-10-09 4.0
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on...
CVE-2019-1604 1 Cisco 1 Nx-os 2019-10-09 7.2
A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user...
CVE-2019-1603 1 Cisco 1 Nx-os 2019-10-09 4.6
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could...
CVE-2019-13416 1 Search-guard 1 Search Guard 2019-10-09 3.5
Search Guard versions before 24.3 had an issue: when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster, ignoring their roles on the remote cluster(s).
CVE-2019-13415 1 Search-guard 1 Search Guard 2019-10-09 3.5
Search Guard versions before 24.3 had an issue: when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.
CVE-2019-12635 1 Cisco 1 Content Security Management Appliance 2019-10-09 4.0
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software...
CVE-2019-11208 1 Tibco 1 Api Exchange Gateway 2019-10-09 6.5
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to...
CVE-2018-20826 1 Atlassian 1 Jira 2019-10-09 4.0
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.