Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege vulnerabilities and exploits
(subscribe to this query)
905
VMScore
CVE-2017-6554
pmmasterd in Quest Privilege Manager prior to 6.0.0.061, when configured as a policy server, allows remote malicious users to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.
Quest Privilege Manager 6.0.0-27
Quest Privilege Manager 6.0.0-50
1 EDB exploit
NA
CVE-2020-12612
An issue exists in BeyondTrust Privilege Management for Windows up to and including 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same ...
Beyondtrust Privilege Management For Windows
Beyondtrust Privilege Management For Windows 5.6
NA
CVE-2020-12615
An issue exists in BeyondTrust Privilege Management for Windows up to and including 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary proc...
Beyondtrust Privilege Management For Windows
Beyondtrust Privilege Management For Windows 5.6
445
VMScore
CVE-2020-9326
BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 up to and including 5.5 prior to 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash.
Beyondtrust Privilege Management For Windows And Mac
Beyondtrust Privilege Management For Windows And Mac 5.5
465
VMScore
CVE-2018-14894
CyberArk Endpoint Privilege Manager 10.2.1.603 and previous versions allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
Cyberark Endpoint Privilege Manager
1 EDB exploit
614
VMScore
CVE-2019-9627
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions before 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
Cyberark Endpoint Privilege Manager
668
VMScore
CVE-2018-13052
In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin.
Cyberark Endpoint Privilege Manager -
614
VMScore
CVE-2021-44049
CyberArk Endpoint Privilege Manager (EPM) up to and including 11.5.3.328 prior to 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.
Cyberark Endpoint Privilege Manager
NA
CVE-2023-49944
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) prior to 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Age...
Beyondtrust Privilege Management For Windows
NA
CVE-2020-12614
An issue exists in BeyondTrust Privilege Management for Windows up to and including 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is p...
Beyondtrust Privilege Management For Windows
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »