87 matches found
CVE-2025-54766
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...
CVE-2025-54765
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include...
PT-2025-2648 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS versions 6.0.x through 8.0.x OTRS versions 2023.x through 2024.x Description: An improper privilege management issue in the OTRS Generic Interface module allows users with read-only permissions to change the ticket status. This issue may...
PT-2024-29789 · Hcl · Hcl Bigfix Inventory
Name of the Vulnerable Software and Affected Versions: HCL BigFix Inventory affected versions not specified Description: The issue is related to an improper handling of insufficient permissions or privileges in HCL BigFix Inventory. An attacker with access via a read-only account can possibly...
CVE-2024-50558
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...
CVE-2024-23794
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the...
PT-2024-11728 · Northern.Tech · Mender
Name of the Vulnerable Software and Affected Versions: Northern.tech Mender versions 3.3.x through 3.3.1 Northern.tech Mender versions 3.4.x through 3.4.0 Northern.tech Mender versions 3.5.x through 3.5.0 Northern.tech Mender versions 3.6.x through 3.6.0 Description: The issue is related to...
ALPINE-CVE-2022-24805
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains...
PT-2024-13477 · Ibm · Ibm Storage Protect Plus Server
Name of the Vulnerable Software and Affected Versions: IBM Storage Protect Plus Server versions 10.1.0 through 10.1.16 Description: The issue allows an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration, resulting in unauthorized acces...
CVE-2023-43183
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account...
CVE-2023-43183
CVE-2023-43183 affects Reprise License Manager (RLM) v15.1. An incorrect access control vulnerability allows a read-only user to arbitrarily change an administrator’s password and hijack the admin account. The issue is documented across multiple sources (NVD/Red Hat/CVE list) and has public PoCs/...
PT-2023-31122 · Peplink · Peplink Balance
Name of the Vulnerable Software and Affected Versions: Peplink Balance Two versions prior to 8.4.0 Description: An issue was discovered in the administration web service, where a missing authorization check allows read-only, unprivileged users to obtain sensitive information about the device...
UBUNTU-CVE-2023-45807
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...
CVE-2023-20136
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...
CVE-2023-20136
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...
CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...
CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...
JetBrains YouTrack 安全漏洞
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software features error tracking, creating workflows and monitoring project progress.An elevation of privilege vulnerability exists in versions prior to JetBrains YouTrack...
How to create read-only users on xenserver
Create read-only users on xenserver...
CVE-2019-18181
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only...