CVE-2019-4536

MEDIUM Year: 2019
CVSS v3 Score
6.7
Medium
CVSS v2 Score
3.3
Low
Weakness Type
CWE-269
View all →

Vulnerability Description

IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592.

Related Vulnerabilities

CVE-2011-2910

MEDIUM
CVSS:6.7(Medium)

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would c...

CWE-2692011

CVE-2017-14329

MEDIUM
CVSS:6.7(Medium)

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.

CWE-2692017

CVE-2017-14330

MEDIUM
CVSS:6.7(Medium)

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.

CWE-2692017

CVE-2017-14380

MEDIUM
CVSS:6.7(Medium)

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_g...

CWE-2692017

CVE-2017-6152

MEDIUM
CVSS:6.7(Medium)

A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account passwor...

CWE-2692017

CVE-2017-6732

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343...

CWE-2692017