2 matches found
CVE-2024-37899
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable...
CVE-2020-3329
Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data are affected by a role-based access control vulnerability. Root cause: incorrect allocation of the enable/disable action button in the RBAC code, allowing a read-only authenticated attacker to update other users...