Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Black Duck SCA Project Privilege Escalation
Vulnerability Description
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible. Exploitation does not grant full system control, but it may enable unauthorized changes to project configurations or access to system sensitive information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
特权授予不正确
Vulnerability Title
Black Duck SCA 安全漏洞
Vulnerability Description
Black Duck SCA是美国Black Duck公司的一个软件组成分析工具。 Black Duck SCA 2025.10.0之前版本存在安全漏洞,该漏洞源于用户角色权限配置过于宽泛,可能导致未经授权的项目配置更改或访问敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A