CVEbaza.plSłownik CWECWE-520
Common Weakness Enumeration

CWE-520

.NET Misconfiguration: Use of Impersonation

Kategoria: VariantCVE: 3
Opis

Zezwolenie aplikacji .NET na działanie na potencjalnie podwyższonych poziomach dostępu do podstawowego systemu operacyjnego i systemów plików może być niebezpieczne i prowadzić do różnych rodzajów ataków. Takie podwyższone uprawnienia mogą zostać wykorzystane przez atakujących do uzyskania nieautoryzowanego dostępu lub wykonania złośliwych działań.

Description (EN)

Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks.

Podatności CVE z CWE-520 (3)
8.6
CVSS
HIGH
CVE-2019-25608

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.

pub. 2026-03-22
7.5
CVSS
HIGH
CVE-2024-46943

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.

pub. 2024-09-15
7.4
CVSS
HIGH
CVE-2026-2450

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.

pub. 2026-04-14
Informacje
ID: CWE-520
Typ: Variant
Podatności: 3
MITRE CWE ↗
← Słownik CWE