11 matches found
CVE-2025-37736
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
EUVD-2025-38342
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
CVE-2025-37736
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
CVE-2025-37736 Elastic Cloud Enterprise Improper Authorization
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
CVE-2025-37736
Summary: CVE-2025-37736 is an Improper Authorization flaw in Elastic Cloud Enterprise (ECE) that can enable privilege escalation where a built-in readonly user may call APIs that should be disallowed. Affected endpoints (examples): /platform/configuration/security/service-accounts (POST/DELETE/…)...
CVE-2025-37736 Elastic Cloud Enterprise Improper Authorization
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
Elastic Cloud Enterprise (ECE) 3.8.3 and 4.0.3 Security Update (ESA-2025-22)
Elastic Cloud Enterprise Improper Authorization ESA-2025-22 Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is:...
CVE-2023-46717
An improper authentication vulnerability CWE-287 in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts...
PT-2022-6023 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.0.7 FortiOS version 7.2.0 Description: The issue is related to improper access control, which may allow a remote authenticated read-only user to modify interface settings via the API. This could potentially be...
CVE-2018-20193
Certain Secure Access SA Series SSL VPN products originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 build 9627 4.2 Release build 7631. This occurs because appropriate controls...
CVE-2018-20193
Certain Secure Access SA Series SSL VPN products originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 build 9627 4.2 Release build 7631. This occurs because appropriate controls...