CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38368 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38368
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261195 https://www.ibm.com/support/pages/node/7158790 • CWE-276: Incorrect Default Permissions CWE-863: Incorrect Authorization •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30997 – IBM Security Access Manager Docker privilege escalation
https://notcve.org/view.php?id=CVE-2023-30997
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254638 https://www.ibm.com/support/pages/node/7158790 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30998 – IBM Security Access Manager Docker privilege escalation
https://notcve.org/view.php?id=CVE-2023-30998
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254649 https://www.ibm.com/support/pages/node/7158790 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2023-7270 – Local Privilege Escalation via MSI installer
https://notcve.org/view.php?id=CVE-2023-7270
SoftMaker Office and FreeOffice suffer from a local privilege escalation vulnerability via the MSI installer. • http://seclists.org/fulldisclosure/2024/Jul/5 https://r.sec-consult.com/softmaker https://softmaker.de/download/servicepacks https://www.freeoffice.com/de/download/servicepacks • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-39708
https://notcve.org/view.php?id=CVE-2024-39708
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. • https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.1-combined.htm https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability • CWE-427: Uncontrolled Search Path Element •