CWE-732

Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.

BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.