AlertEnterprise Guardian Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in AlertEnterprise Guardian version 4.1.14.2.2.1 and earlier. This issue allows remote authenticated users to elevate their privileges to administrator level by manipulating the 'IsAdminApprover' parameter in a specific API call. The vulnerability resides in the 'Request Building Access' requestSubmit API endpoint.

Impact

Exploitation of this vulnerability allows authenticated users to gain unauthorized administrator privileges, enabling them to approve or revoke access requests at will.
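
The flaw described above is a case of the server trusting a client-supplied authority flag. The following is an added example, not AlertEnterprise code and not taken from the advisory: a minimal server-side sanitizer that discards any client-sent 'IsAdminApprover' value, derives approver status from the server's own role record, and logs the tampering attempt. Every field name other than IsAdminApprover, the role name "admin_approver", and the session structure are assumptions made for illustration.

```python
import logging

log = logging.getLogger("request_submit")

# Fields a requester may legitimately set (hypothetical names).
CLIENT_WRITABLE = {"buildingId", "accessLevel", "justification"}
# Fields that express authority; only server-side state may set them.
SERVER_OWNED = {"isadminapprover"}  # compared case-insensitively


def build_request(body: dict, session_user: dict) -> tuple[dict, list[str]]:
    """Return (sanitized request, names of server-owned fields the client sent)."""
    # Catch the flag regardless of the casing the client used.
    tampered = sorted(k for k in body if k.lower() in SERVER_OWNED)
    # Allowlist: anything not explicitly client-writable is dropped.
    clean = {k: v for k, v in body.items() if k in CLIENT_WRITABLE}
    # Approver status comes from the authenticated session's roles,
    # never from the request body.
    clean["IsAdminApprover"] = "admin_approver" in session_user.get("roles", ())
    if tampered:
        # A regular user sending this field is a signal worth alerting on.
        log.warning("user=%s sent server-owned fields %s",
                    session_user.get("id"), tampered)
    return clean, tampered


# Constructed sample input: a non-admin user whose request body carries the flag.
SAMPLE_BODY = {
    "buildingId": "B-12",
    "accessLevel": "visitor",
    "justification": "site visit",
    "isAdminApprover": True,
}
SAMPLE_USER = {"id": "u1001", "roles": ["employee"]}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(build_request(SAMPLE_BODY, SAMPLE_USER))
```

The same role lookup should gate the approve and revoke actions themselves, so that a stored flag is never the only thing standing between a user and approver rights.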

Added: Jul 22, 2025, 8:23 PM
Updated: Jul 22, 2025, 10:08 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.