CVEbaza.plSłownik CWECWE-671
Common Weakness Enumeration

CWE-671

Lack of Administrator Control over Security

Kategoria: ClassCVE: 4
Opis

Produkt wykorzystuje funkcje bezpieczeństwa w sposób uniemożliwiający administratorowi dostosowanie ustawień bezpieczeństwa do środowiska, w którym produkt jest używany. Powoduje to powstanie potencjalnych podatności lub uniemożliwia działanie na pożądanym przez administratora poziomie bezpieczeństwa.

Description (EN)

The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.

Podatności CVE z CWE-671 (4)
9.1
CVSS
CRITICAL
CVE-2025-24024

Mjolnir v1.9.0 (narzędzie moderacyjne dla platformy Matrix) błędnie reaguje na komendy zarządzające z dowolnego pokoju, w którym bot jest obecny. Pozwala to nieautoryzowanym użytkownikom na wykonywanie funkcji bota, w tym komponentów administracji serwerem.

pub. 2025-01-21
8.8
CVSS
HIGH
CVE-2018-13283

Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.

pub. 2019-04-01
5.4
CVSS
MEDIUM
CVE-2023-20115

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability.

pub. 2023-08-23
3.5
CVSS
LOW
CVE-2022-29163

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a patch for this issue. There are currently no known workarounds.

pub. 2022-05-20
Informacje
ID: CWE-671
Typ: Class
Podatności: 4
MITRE CWE ↗
← Słownik CWE