Common Weakness Enumeration

CWE-648

Allowed

Incorrect Use of Privileged APIs

Abstraction: Base · Status: Incomplete

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

113 vulnerabilities reference this CWE, most recent first.

GHSA-5WJJ-XCHX-55WF

Vulnerability from github – Published: 2024-12-02 15:31 – Updated: 2024-12-09 21:31
VLAI
Details

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8785"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-02T15:15:12Z",
    "severity": "CRITICAL"
  },
  "details": "In WhatsUp Gold versions released before 2024.0.1, a\u00a0remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Ipswitch\\.",
  "id": "GHSA-5wjj-xchx-55wf",
  "modified": "2024-12-09T21:31:01Z",
  "published": "2024-12-02T15:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8785"
    },
    {
      "type": "WEB",
      "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024"
    },
    {
      "type": "WEB",
      "url": "https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html"
    },
    {
      "type": "WEB",
      "url": "https://www.progress.com/network-monitoring"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6RGX-J4WH-77C4

Vulnerability from github – Published: 2025-07-29 00:30 – Updated: 2025-11-03 21:34
VLAI
Details

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54765"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-29T00:15:23Z",
    "severity": "MODERATE"
  },
  "details": "An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.",
  "id": "GHSA-6rgx-j4wh-77c4",
  "modified": "2025-11-03T21:34:11Z",
  "published": "2025-07-29T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54765"
    },
    {
      "type": "WEB",
      "url": "https://korelogic.com/Resources/Advisories/KL-001-2025-013.txt"
    },
    {
      "type": "WEB",
      "url": "https://xormon.com/note190.php"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jul/16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7932-GCJG-WRFW

Vulnerability from github – Published: 2024-11-11 09:30 – Updated: 2024-11-24 15:31
VLAI
Details

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-11T08:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user\u2019s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user\u2019s account.",
  "id": "GHSA-7932-gcjg-wrfw",
  "modified": "2024-11-24T15:31:38Z",
  "published": "2024-11-11T09:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11068"
    },
    {
      "type": "WEB",
      "url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88JW-43WF-P3WR

Vulnerability from github – Published: 2024-05-31 03:30 – Updated: 2024-12-16 21:30
VLAI
Details

The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37018"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-31T01:15:54Z",
    "severity": "CRITICAL"
  },
  "details": "The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.",
  "id": "GHSA-88jw-43wf-p3wr",
  "modified": "2024-12-16T21:30:55Z",
  "published": "2024-05-31T03:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37018"
    },
    {
      "type": "WEB",
      "url": "https://dl.acm.org/doi/10.1145/3658644.3690345"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mzc796/marionette_odl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mzc796/marionette_onos"
    },
    {
      "type": "WEB",
      "url": "https://jira.opendaylight.org/browse/DISCOVERY-2"
    },
    {
      "type": "WEB",
      "url": "https://mvnrepository.com/artifact/org.opendaylight.controller"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8V6G-RF54-42CG

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2024-01-23 18:31
VLAI
Details

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-7927"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-23T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2.",
  "id": "GHSA-8v6g-rf54-42cg",
  "modified": "2024-01-23T18:31:09Z",
  "published": "2022-05-24T17:34:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7927"
    },
    {
      "type": "WEB",
      "url": "https://docs.opsmanager.mongodb.com/current/release-notes/application/#onprem-server-4-4-3"
    },
    {
      "type": "WEB",
      "url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-4.4.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8VGJ-C3FX-PPRX

Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30
VLAI
Details

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-09T22:16:30Z",
    "severity": "HIGH"
  },
  "details": "OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.",
  "id": "GHSA-8vgj-c3fx-pprx",
  "modified": "2026-04-10T00:30:29Z",
  "published": "2026-04-10T00:30:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35625"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-silent-local-shared-auth-reconnect"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9FR7-PVRJ-FF37

Vulnerability from github – Published: 2025-07-29 00:30 – Updated: 2025-11-03 21:34
VLAI
Details

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54768"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-29T00:15:24Z",
    "severity": "MODERATE"
  },
  "details": "An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used\u00a0to download logs from the appliance configuration, exposing\u00a0sensitive information.",
  "id": "GHSA-9fr7-pvrj-ff37",
  "modified": "2025-11-03T21:34:11Z",
  "published": "2025-07-29T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54768"
    },
    {
      "type": "WEB",
      "url": "https://korelogic.com/Resources/Advisories/KL-001-2025-015.txt"
    },
    {
      "type": "WEB",
      "url": "https://lpar2rrd.com/note800.php"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jul/18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H2F-7XPR-XGQ4

Vulnerability from github – Published: 2023-11-28 12:31 – Updated: 2026-05-20 15:35
VLAI
Details

Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-28T10:15:07Z",
    "severity": "HIGH"
  },
  "details": "Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.",
  "id": "GHSA-9h2f-7xpr-xgq4",
  "modified": "2026-05-20T15:35:20Z",
  "published": "2023-11-28T12:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6150"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0664"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-23-0664"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9QPV-49Q8-9CHX

Vulnerability from github – Published: 2026-02-25 18:31 – Updated: 2026-04-20 21:31
VLAI
Details

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.

This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-25T17:25:28Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.\n\nThis vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system\u0026nbsp;and gain vmanage user privileges.",
  "id": "GHSA-9qpv-49q8-9chx",
  "modified": "2026-04-20T21:31:38Z",
  "published": "2026-02-25T18:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20122"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9XW2-PR37-VHP5

Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2024-04-04 02:41
VLAI
Details

It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-10216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-27T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.",
  "id": "GHSA-9xw2-pr37-vhp5",
  "modified": "2024-04-04T02:41:04Z",
  "published": "2022-05-24T17:02:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10216"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202004-03"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Before calling privileged APIs, always ensure that the assumptions made by the privileged code hold true prior to making the call.

Mitigation
Architecture and Design

Know architecture and implementation weaknesses of the privileged APIs and make sure to account for these weaknesses before calling the privileged APIs to ensure that they can be called safely.

Mitigation
Implementation

If privileged APIs make certain assumptions about data, context or state validity that are passed by the caller, the calling code must ensure that these assumptions have been validated prior to making the call.

Mitigation
Implementation

If privileged APIs do not shed their privilege prior to returning to the calling code, then calling code needs to shed these privileges immediately and safely right after the call to the privileged APIs. In particular, the calling code needs to ensure that a privileged thread of execution will never be returned to the user or made available to user-controlled processes.

Mitigation
Implementation

Only call privileged APIs from safe, consistent and expected state.

Mitigation
Implementation

Ensure that a failure or an error will not leave a system in a state where privileges are not properly shed and privilege escalation is possible (i.e. fail securely with regards to handling of privileges).

CAPEC-107: Cross Site Tracing

Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates to a destination system's web server.

CAPEC-234: Hijacking a privileged process

An adversary gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assigned elevated privileges on an operating system, usually through association with a particular user, group, or role. If an attacker can hijack this process, they will be able to assume its level of privilege in order to execute their own code.