Black Duck SCA Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in Black Duck SCA versions prior to 2025.10.0. The issue arises from user role permissions that were configured too broadly. Specifically, users with the Project Manager role and Global User Read access were able to access certain functionalities meant for Project Administrators. While this vulnerability does not provide full system control, it could allow unauthorized modifications to project configurations or access to sensitive system information.
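As an added illustration (not Black Duck's code), the misconfiguration described above can be modelled as a role-to-permission map: the broad policy lets Project Manager and Global User Read holders reach functionality reserved for Project Administrators, while the least-privilege version keeps those permissions on the admin role only. The role names are those in the advisory; the permission strings and the audit records are constructed for the example and do not reflect Black Duck's actual schema.

```python
# Added example, not Black Duck's code. Role names are from the advisory; the
# permission strings and audit records are constructed and not Black Duck's schema.

# Functionality the advisory reserves for Project Administrators.
ADMIN_ONLY = frozenset({"project.config.write", "system.info.read"})

# Pre-2025.10.0 state as described: Project Manager / Global User Read holders
# reached admin-only functionality (simplified here to per-role grants).
BROAD_POLICY = {
    "Project Administrator": ADMIN_ONLY | {"project.read"},
    "Project Manager": frozenset({"project.read", "project.config.write"}),
    "Global User Read": frozenset({"users.read", "system.info.read"}),
}

# Corrected, least-privilege policy: admin-only permissions stay on the admin role.
FIXED_POLICY = {
    "Project Administrator": ADMIN_ONLY | {"project.read"},
    "Project Manager": frozenset({"project.read"}),
    "Global User Read": frozenset({"users.read"}),
}

def effective_permissions(policy, roles):
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in roles:
        perms |= policy.get(role, frozenset())
    return frozenset(perms)

def is_allowed(policy, roles, permission):
    return permission in effective_permissions(policy, roles)

def roles_violating_least_privilege(policy):
    """Non-admin roles holding any admin-only permission; empty for a sound policy."""
    return sorted(role for role, perms in policy.items()
                  if role != "Project Administrator" and perms & ADMIN_ONLY)

# Constructed audit records: (user, roles held, permission exercised).
SAMPLE_AUDIT = [
    ("alice", ("Project Administrator",), "project.config.write"),
    ("bob", ("Project Manager", "Global User Read"), "project.config.write"),
    ("bob", ("Project Manager", "Global User Read"), "project.read"),
    ("carol", ("Global User Read",), "system.info.read"),
]

def actions_to_review(records):
    """Actions the broad policy allowed but the fixed policy denies: review after upgrading."""
    return [(user, perm) for user, roles, perm in records
            if is_allowed(BROAD_POLICY, roles, perm)
            and not is_allowed(FIXED_POLICY, roles, perm)]
```

Running `roles_violating_least_privilege` against a policy export is a quick pre-upgrade check, and `actions_to_review` shows which past actions deserve a look once the corrected permissions are in place.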

Impact

Exploitation of this vulnerability could lead to unauthorized changes in project settings or access to confidential system data.

Remediation

Users are advised to upgrade to Black Duck SCA version 2025.10.0.

Added: Nov 21, 2025, 10:27 PM
Updated: Nov 21, 2025, 10:27 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         3.1
exploitability: 5.2
remediation:    7.7
relevance:      1.1
threat:         0.0
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.