PT-2025-47803 · Synopsys · Black Duck SCA
Published: 2025-11-21 · Updated: 2025-11-21 · CVE-2025-0504
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Black Duck SCA versions prior to 2025.10.0
Description
User role permissions were configured in an overly broad manner in Black Duck SCA. Users with the Project Manager role and Global User Read access permission were able to access Project Administrator functionalities that should have been restricted. This does not grant full system control, but may allow unauthorized changes to project configurations or access to sensitive system information.
Recommendations
Update Black Duck SCA to version 2025.10.0 or later.
Fix
LPE
Incorrect Privilege Assignment
Affected Products
Black Duck SCA