CRITICAL🇵🇱 Wersja polska

CVE-2024-9478

CVSS 10.0v4.0pub. 2024-11-20upd. 2026-04-15

Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.

🤖 AI Analysis
How it works

Improper privilege management (CWE-266) in the upKeeper Instant Privilege Access product allows an attacker to perform privilege escalation. The vulnerability does not require authentication, user interaction, or fulfillment of special preconditions, making it trivially exploitable remotely.

Impact

An attacker can obtain elevated privileges in the system, potentially taking full control over the environment managed by upKeeper Instant Privilege Access, including protected resources and sensitive data.

Mitigation & patch

Update upKeeper Instant Privilege Access to version 1.2 or newer. Detailed information is available in the vendor's bulletin at: https://support.upkeeper.se/hc/en-us/articles/17007638130716-CVE-2024-9478-Improper-Privilege-Management-Process

Who is affected

upKeeper Instant Privilege Access in versions prior to 1.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References