CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5455 vulnerabilities reference this CWE, most recent first.
CVE-2024-0197 (GCVE-0-2024-0197)
Vulnerability from cvelistv5 – Published: 2024-02-27 12:48 – Updated: 2024-08-09 15:26- CWE-269 - Improper Privilege Management
| Vendor | Product | Version | |
|---|---|---|---|
| Thales | Sentinel HASP LDK |
Affected:
0 , < 9.16
(9.16)
|
|
| thalesgroup | safenet_sentinel_hasp |
Affected:
0 , < 9.16
(custom)
cpe:2.3:a:thalesgroup:safenet_sentinel_hasp:*:*:*:*:*:*:*:* |
|
| thalesgroup | safenet_sentinel_ldk |
Affected:
0 , ≤ 9.16
(custom)
cpe:2.3:a:thalesgroup:safenet_sentinel_ldk:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.thalesgroup.com"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:thalesgroup:safenet_sentinel_hasp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safenet_sentinel_hasp",
"vendor": "thalesgroup",
"versions": [
{
"lessThan": "9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:thalesgroup:safenet_sentinel_ldk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safenet_sentinel_ldk",
"vendor": "thalesgroup",
"versions": [
{
"lessThanOrEqual": "9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T17:56:38.989974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T15:26:44.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Sentinel HASP LDK",
"vendor": "Thales",
"versions": [
{
"lessThan": "9.16",
"status": "affected",
"version": "0",
"versionType": "9.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Julian Horoszkiewicz (Eviden Red Team)"
}
],
"datePublic": "2024-02-15T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.\n\n"
}
],
"value": "A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T12:48:13.263Z",
"orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"shortName": "THA-PSIRT"
},
"references": [
{
"url": "https://supportportal.thalesgroup.com"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Thales Sentinel LDK version 9.16.\u003cbr\u003e"
}
],
"value": "Upgrade to Thales Sentinel LDK version 9.16.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Escalation in Thales SafeNet Sentinel HASP LDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"assignerShortName": "THA-PSIRT",
"cveId": "CVE-2024-0197",
"datePublished": "2024-02-27T12:48:13.263Z",
"dateReserved": "2024-01-02T15:23:33.572Z",
"dateUpdated": "2024-08-09T15:26:44.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0172 (GCVE-0-2024-0172)
Vulnerability from cvelistv5 – Published: 2024-04-03 09:09 – Updated: 2024-08-20 20:30- CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022372… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
N/A , < 1.5.6
(semver)
Affected: N/A , < 1.1.3 (semver) Affected: N/A , < 1.1.4 (semver) Affected: N/A , < 1.2.5 (semver) Affected: N/A , < 1.3.6 (semver) Affected: N/A , < 1.4.6 (semver) Affected: N/A , < 1.11.2 (semver) Affected: N/A , < 1.7.3 (semver) Affected: N/A , < 1.12.1 (semver) Affected: N/A , < 2.12.4 (semver) Affected: N/A , < 2.19.1 (semver) Affected: N/A , < 2.19.0 (semver) Affected: N/A , < 2.14.1 (semver) Affected: N/A , < 1.20.0 (semver) |
|
| dell | poweredge_r660_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r760_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_c6620_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_mx760c_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r860_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r960_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_hs5610_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_hs5620_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r660xs_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r760xs_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r760xd2_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_t560_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r760xa_firmware |
Affected:
0 , < 1.1.3
(custom)
cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xe9680_firmware |
Affected:
0 , < 1.1.3
(custom)
cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xr5610_firmware |
Affected:
0 , < 1.1.4
(custom)
cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xr8620t_firmware |
Affected:
0 , < 1.1.3
(custom)
cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xr7620_firmware |
Affected:
0 , < 1.5.6
(custom)
cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xe8640_firmware |
Affected:
0 , < 1.2.5
(custom)
cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xe9640_firmware |
Affected:
0 , < 1.3.6
(custom)
cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r6615_firmware |
Affected:
0 , < 1.4.6
(custom)
cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r7615_firmware |
Affected:
0 , < 1.4.6
(custom)
cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r6625_firmware |
Affected:
0 , < 1.4.6
(custom)
cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r7625_firmware |
Affected:
0 , < 1.4.6
(custom)
cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r650_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r750_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r750xa_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_c6520_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_mx750c_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r550_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r450_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r650xs_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r750xs_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_t550_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xr11_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xr12_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_t150_firmware |
Affected:
0 , < 1.7.3
(custom)
cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_t350_firmware |
Affected:
0 , < 1.7.3
(custom)
cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r250_firmware |
Affected:
0 , < 1.7.3
(custom)
cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r350_firmware |
Affected:
0 , < 1.7.3
(custom)
cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xr4510c_firmware |
Affected:
0 , < 1.12.1
(custom)
cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xr4520c_firmware |
Affected:
0 , < 1.12.1
(custom)
cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r6515_firmware |
Affected:
0 , < 2.12.4
(custom)
cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r6525_firmware |
Affected:
0 , < 2.12.4
(custom)
cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r7515_firmware |
Affected:
0 , < 2.12.4
(custom)
cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r7525_firmware |
Affected:
0 , < 2.12.4
(custom)
cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_c6525_firmware |
Affected:
0 , < 2.12.4
(custom)
cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xe8545_firmware |
Affected:
0 , < 2.12.4
(custom)
cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r740_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r740xd_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r640_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r940_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r540_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r440_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_t440_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xr2_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r740xd2_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r840_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r940xa_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_t640_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_c6420_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_fc640_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_m640_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_mx740c_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_mx840c_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_c4140_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xe2420_firmware |
Affected:
0 , < 2.19.0
(custom)
cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xe7420_firmware |
Affected:
0 , < 2.19.0
(custom)
cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_xe7440_firmware |
Affected:
0 , < 2.19.0
(custom)
cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_t140_firmware |
Affected:
0 , < 2.14.1
(custom)
cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_t340_firmware |
Affected:
0 , < 2.14.1
(custom)
cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r240_firmware |
Affected:
0 , < 2.14.1
(custom)
cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r340_firmware |
Affected:
0 , < 2.14.1
(custom)
cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r6415_firmware |
Affected:
0 , < 1.20.0
(custom)
cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r7415_firmware |
Affected:
0 , < 1.20.0
(custom)
cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:* |
|
| dell | poweredge_r7425_firmware |
Affected:
0 , < 1.20.0
(custom)
cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:* |
|
| dell | emc_storage_nx3240_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:emc_storage_nx3240_firmware:-:*:*:*:*:*:*:* |
|
| dell | emc_storage_nx3340_firmware |
Affected:
0 , < 2.19.1
(custom)
cpe:2.3:o:dell:emc_storage_nx3340_firmware:-:*:*:*:*:*:*:* |
|
| dell | emc_xc_core_xc450_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:* |
|
| dell | emc_xc_core_xc650_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:* |
|
| dell | emc_xc_core_xc750_firmware |
Affected:
0 , < 1.11.2
(custom)
cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r660_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6620_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx760c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r860_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r960_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_hs5610_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_hs5620_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r660xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760xd2_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t560_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760xa_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe9680_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr5610_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr8620t_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr7620_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe8640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe9640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6615_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7615_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6625_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7625_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r650_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r750_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r750xa_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6520_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx750c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r550_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r450_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r650xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r750xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t550_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr11_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr12_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t150_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t350_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r250_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r350_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr4510c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr4520c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6515_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6525_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7515_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7525_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6525_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe8545_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r740_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r740xd_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r940_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r540_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r440_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t440_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr2_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r740xd2_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r840_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r940xa_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6420_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_fc640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_m640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx740c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx840c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c4140_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe2420_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe7420_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe7440_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t140_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t340_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r240_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r340_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6415_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7415_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7425_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_storage_nx3240_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_storage_nx3240_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_storage_nx3340_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_storage_nx3340_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_xc_core_xc450_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_xc_core_xc650_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_xc_core_xc750_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T04:01:19.460976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T20:30:48.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.5",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.3.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.4.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.12.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-04-02T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T09:09:18.449Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0172",
"datePublished": "2024-04-03T09:09:18.449Z",
"dateReserved": "2023-12-14T05:35:36.325Z",
"dateUpdated": "2024-08-20T20:30:48.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0097 (GCVE-0-2024-0097)
Vulnerability from cvelistv5 – Published: 2024-05-09 22:16 – Updated: 2024-08-01 17:41{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "chatrtx",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "0.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T16:48:39.489651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:05:37.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ChatRTX",
"vendor": "nvidia",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 0.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering."
}
],
"value": "NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information disclosure, escalation of privileges, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-09T22:16:43.481Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5533"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE"
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0097",
"datePublished": "2024-05-09T22:16:43.481Z",
"dateReserved": "2023-12-02T00:42:06.849Z",
"dateUpdated": "2024-08-01T17:41:15.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0096 (GCVE-0-2024-0096)
Vulnerability from cvelistv5 – Published: 2024-05-09 22:16 – Updated: 2024-08-01 17:41{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "chatrtx",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "0.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T16:53:17.080134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:05:23.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ChatRTX",
"vendor": "nvidia",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 0.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering."
}
],
"value": "NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information disclosure, escalation of privileges, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-09T22:16:43.086Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5533"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE"
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0096",
"datePublished": "2024-05-09T22:16:43.086Z",
"dateReserved": "2023-12-02T00:42:05.784Z",
"dateUpdated": "2024-08-01T17:41:15.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0082 (GCVE-0-2024-0082)
Vulnerability from cvelistv5 – Published: 2024-04-08 22:00 – Updated: 2024-08-01 17:41{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "chatrtx",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T16:54:08.246544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:05:04.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5532"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ChatRTX",
"vendor": "nvidia",
"versions": [
{
"status": "affected",
"version": "0.2 and prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering"
}
],
"value": "NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T22:00:35.763Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5532"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE"
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0082",
"datePublished": "2024-04-08T22:00:35.763Z",
"dateReserved": "2023-12-02T00:41:53.225Z",
"dateUpdated": "2024-08-01T17:41:16.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0003 (GCVE-0-2024-0003)
Vulnerability from cvelistv5 – Published: 2024-09-23 17:27 – Updated: 2024-09-24 13:28- CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://purestorage.com/security | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| PureStorage | FlashArray |
Affected:
5.3.17 , ≤ 5.3.21
(custom)
Affected: 6.1.8 , ≤ 6.1.25 (custom) Affected: 6.0.7 , ≤ 6.0.9 (custom) Affected: 6.2.0 , ≤ 6.2.17 (custom) Affected: 6.3.0 , ≤ 6.3.14 (custom) Affected: 6.4.0 , ≤ 6.4.10 (custom) Affected: 6.5.0 (custom) |
|
| purestorage | flasharray |
Affected:
5.3.17 , ≤ 5.3.21
(custom)
Affected: 6.0.7 , ≤ 6.0.9 (custom) Affected: 6.1.8 , ≤ 6.1.25 (custom) Affected: 6.2.0 , ≤ 6.2.17 (custom) Affected: 6.3.0 , ≤ 6.3.14 (custom) Affected: 6.4.0 , ≤ 6.4.10 (custom) Affected: 6.5.0 cpe:2.3:a:purestorage:flasharray:5.3.17:*:*:*:*:*:*:* cpe:2.3:a:purestorage:flasharray:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:purestorage:flasharray:6.1.8:*:*:*:*:*:*:* cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:purestorage:flasharray:5.3.17:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flasharray",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "5.3.21",
"status": "affected",
"version": "5.3.17",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.9",
"status": "affected",
"version": "6.0.7",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.25",
"status": "affected",
"version": "6.1.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.17",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.3.14",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:17:50.484476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T13:28:44.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Purity"
],
"product": "FlashArray",
"vendor": "PureStorage",
"versions": [
{
"lessThanOrEqual": "5.3.21",
"status": "affected",
"version": "5.3.17",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.25",
"status": "affected",
"version": "6.1.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.9",
"status": "affected",
"version": "6.0.7",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.17",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.3.14",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.5.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T17:34:27.686Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://purestorage.com/security"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\u003cbr\u003e\n\u003cbr\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashArray Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.3.15 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.5.1 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.6.1 or later.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2024-0003",
"datePublished": "2024-09-23T17:27:30.114Z",
"dateReserved": "2023-11-01T17:10:16.737Z",
"dateUpdated": "2024-09-24T13:28:44.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53908 (GCVE-0-2023-53908)
Vulnerability from cvelistv5 – Published: 2025-12-17 22:44 – Updated: 2026-04-07 14:07- CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51537 | exploit |
| https://www.belden.com/products/industrial-networ… | product |
| https://www.vulncheck.com/advisories/hisecos-priv… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T14:51:21.277692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:04:52.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HiSecOS",
"vendor": "Belden",
"versions": [
{
"status": "affected",
"version": "04.0.01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dreizehnutters"
}
],
"datePublic": "2023-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.\u003c/p\u003e"
}
],
"value": "HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:07:30.168Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51537",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51537"
},
{
"name": "Official Product Webpage",
"tags": [
"product"
],
"url": "https://www.belden.com/products/industrial-networking-cybersecurity/software-solutions/device-software/hisecos-firewall-software"
},
{
"name": "VulnCheck Advisory: HiSecOS 04.0.01 Privilege Escalation via User Role Modification",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hisecos-privilege-escalation-via-user-role-modification"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HiSecOS 04.0.01 Privilege Escalation via User Role Modification",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53908",
"datePublished": "2025-12-17T22:44:46.403Z",
"dateReserved": "2025-12-16T19:22:09.994Z",
"dateUpdated": "2026-04-07T14:07:30.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52716 (GCVE-0-2023-52716)
Vulnerability from cvelistv5 – Published: 2024-04-07 09:01 – Updated: 2024-09-13 15:09- CWE-269 - Improper Privilege Management
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei | HarmonyOS |
Affected:
4.0.0
Affected: 3.1.0 Affected: 3.0.0 Affected: 2.1.0 Affected: 2.0.0 |
|
| Huawei | EMUI |
Affected:
13.0.0
Affected: 12.0.0 |
|
| huawei | emui |
Affected:
12.0.0
Affected: 13.0.0 cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:* cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:* |
|
| huawei | harmonyos |
Affected:
2.0.0
Affected: 2.1.0 Affected: 3.0.0 Affected: 3.1.0 Affected: 4.0.0 cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:* cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:* cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:* cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:* cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emui",
"vendor": "huawei",
"versions": [
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "harmonyos",
"vendor": "huawei",
"versions": [
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "4.0.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:05:03.166002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:09:48.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"value": "Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module.\nImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T09:01:32.933Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"
},
{
"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2023-52716",
"datePublished": "2024-04-07T09:01:32.933Z",
"dateReserved": "2024-03-27T03:37:42.326Z",
"dateUpdated": "2024-09-13T15:09:48.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52543 (GCVE-0-2023-52543)
Vulnerability from cvelistv5 – Published: 2024-04-08 08:49 – Updated: 2024-11-07 16:03- CWE-269 - Improper Privilege Management
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T19:39:59.047820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:03:30.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://consumer.huawei.com/en/support/bulletin/2024/3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202403-0000001667644725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission verification vulnerability in the system module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"value": "Permission verification vulnerability in the system module.\nImpact: Successful exploitation of this vulnerability will affect availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T08:49:44.807Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/3/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202403-0000001667644725"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2023-52543",
"datePublished": "2024-04-08T08:49:44.807Z",
"dateReserved": "2024-02-27T03:41:51.381Z",
"dateUpdated": "2024-11-07T16:03:30.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52209 (GCVE-0-2023-52209)
Vulnerability from cvelistv5 – Published: 2024-08-01 21:04 – Updated: 2026-04-28 16:09- CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/wpf… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| WPForms, LLC. | WPForms User Registration |
Affected:
n/a , ≤ 2.1.0
(custom)
|
|
| wpforms | wpforms_user_registration |
Affected:
0 , ≤ 2.1.0
(custom)
cpe:2.3:a:wpforms:wpforms_user_registration:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wpforms:wpforms_user_registration:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wpforms_user_registration",
"vendor": "wpforms",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T14:14:10.799081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T14:41:56.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPForms User Registration",
"vendor": "WPForms, LLC.",
"versions": [
{
"changes": [
{
"at": "2.1.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.\u003cp\u003eThis issue affects WPForms User Registration: from n/a through 2.1.0.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:06.981Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wpforms-user-registration/wordpress-wpforms-user-registration-plugin-2-1-0-authenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.1.2 or a higher version."
}
],
"value": "Update to 2.1.2 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WPForms User Registration plugin \u003c= 2.1.0 - Authenticated Privilege Escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-52209",
"datePublished": "2024-08-01T21:04:10.671Z",
"dateReserved": "2023-12-29T12:26:03.424Z",
"dateUpdated": "2026-04-28T16:09:06.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.