Enterprise Architect
Monthly
Privilege escalation in Sparx Enterprise Architect 17.1 and earlier allows an authenticated low-privilege user to impersonate any other user, including administrators, by tampering with the client-side application (e.g., via a debugger). Because role-based access enforcement happens in the client rather than on the server (CWE-603), an attacker who has any valid login can gain full repository control. No public exploit identified at time of analysis, although technical write-ups are referenced.
Privilege escalation in Sparx Enterprise Architect 17.1 and earlier allows an authenticated low-privilege user to impersonate any other user, including administrators, by tampering with the client-side application (e.g., via a debugger). Because role-based access enforcement happens in the client rather than on the server (CWE-603), an attacker who has any valid login can gain full repository control. No public exploit identified at time of analysis, although technical write-ups are referenced.