13 matches found
CVE-2025-40897
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...
EUVD-2025-209469
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...
CVE-2025-40897
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...
CVE-2025-40897
The CVE-2025-40897 entry concerns Guardian/CMC Threat Intelligence prior to version 26.0.0, where an access control flaw allows users with view-only privileges to perform administrative actions, potentially altering rules configuration and affecting availability. The vulnerability stems from impr...
CVE-2025-40897 Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...
PT-2026-33014
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...
Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0
Summary An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. Impact An authenticated user with view-only privileges for the Threat Intelligence functionality ca...
BIT-ELK-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service
Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...
CVE-2026-26934
Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...
CVE-2026-26934
CVE-2026-26934 involves Kibana and an improper validation of input quantity (CWE-1284) that allows an authenticated user with view-only privileges to cause a Denial of Service by sending malformed payloads, leading to excessive resource consumption and Kibana unresponsiveness or crashes. The vuln...
CVE-2020-7300
Improper Authorization vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages...
CVE-2021-22944
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later...
CVE-2020-7300
Improper Authorization vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages...