Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the Administrator role. This issue mainly affects cloud multi-tenant deployments; on-prem single-tenant installations are typically not impacted because local admins usually already have Supervisor privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DriveLock 安全漏洞
Vulnerability Description
DriveLock是德国DriveLock公司的一个端点安全与数据保护平台。 DriveLock 24.1及之前的24.1.x版本、24.2及之前的24.2.x版本和25.1.6之前版本存在安全漏洞,该漏洞源于具有管理角色和权限特权的用户可通过API调用提升自身或其他DOC用户为Supervisor角色,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A