CWE-520
.NET Misconfiguration: Use of Impersonation
Description
Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25608 | Hig | 0.55 | 8.4 | 0.00 | Mar 22, 2026 | Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after… | ||
| CVE-2026-2450 | — | Hig | 0.48 | — | 0.00 | Apr 14, 2026 | .NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0. | |
| CVE-2024-46943 | 0.00 | — | 0.01 | Sep 15, 2024 | An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information. |
- risk 0.55cvss 8.4epss 0.00
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after…
- risk 0.48cvss —epss 0.00
.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.
- CVE-2024-46943Sep 15, 2024risk 0.00cvss —epss 0.01
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.