CVE-2020-5362

CVSS v3 Score: 4.4 (Medium)
CVSS v2 Score: 2.1 (Low)

Vulnerability Description

Dell Client Consumer and Commercial platforms contain an improper authorization vulnerability in the Dell Manageability interface. An unauthorized actor with local system access and OS administrator privileges could bypass BIOS Administrator authentication to restore the BIOS Setup configuration to default values.

CVSS: 4.4 (Medium)

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setg...

CVSS: 4.4 (Medium)

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and...

CVSS: 4.4 (Medium)

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic ...

CVSS: 4.5 (Medium)

Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data v...

CVSS: 4.5 (Medium)

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configu...

CVSS: 4.3 (Medium)

IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization che...