93 matches found
VulnCheck KEV: CVE-2022-25237
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...
CVE-2023-36651
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...
CVE-2023-6150
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105...
SGUDA U-Lock 安全漏洞
SGUDA U-Lock is a smart electronic lock from SGUDA China. A security vulnerability exists in SGUDA U-Lock, which stems from an authorization error in the lock management function of the central locking service. A remote attacker could use this vulnerability to invoke a privileged API to obtain...
CVE-2022-42849
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges...
CVE-2022-42849
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges...
CVE-2022-42849
CVE-2022-42849 is an Apple platform privilege-elevation issue where privileged API calls could allow a user to gain higher privileges. The record indicates an access issue in Apple’s software stack that is addressed by applying restrictions and updating to specific releases: iOS 16.2, iPadOS 16.2...
CVE-2022-39883
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API...
CVE-2022-39883
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API...
Authorization
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API...
CVE-2022-39883
CVE-2022-39883 affects Samsung StorageManagerService prior to SMR Nov-2022 Release 1. The issue is an improper authorization that lets a local attacker call a privileged API. The NVD CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, LOW complexity, and Privileges Required: LOW. Red Hat/...
CVE-2022-39883
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from South Korea's Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Nov-2022 Release 1 version, which stems from an improper authorization vulnerability in...
The vulnerability of the PingID software for multi-factor authentication of applications involves improper use of privileged APIs, allowing an attacker to escalate their privileges.
The vulnerability of the PingID software for multi-factor authentication of applications relates to the improper use of privileged APIs. Exploiting this vulnerability could allow an attacker to enhance their privileges...
CVE-2022-26668
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service...
CVE-2022-26668 ASUS Control Center - Broken Access Control
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service...
CVE-2022-25237
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...
CVE-2022-25237
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...
Authorization
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...
CVE-2022-25237
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...