CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

926 vulnerabilities with CWE-266
CVE-2021-1594 HIGH
Cisco Identity Services Engine 2.4.0-2.5.9 - Unauthenticated OS Command Injection via REST API
CVSS 7.5
CVE-2021-20264 HIGH
OpenJDK - Privilege Escalation via /etc/passwd Modification
CVSS 7.8
CVE-2021-1572 HIGH
Cisco ConfD 7.4-7.4.3 - Authenticated Privilege Escalation via SFTP User Service
CVSS 7.8
CVE-2021-20208 MEDIUM
cifs-utils < 6.13 - Unauthenticated Kerberos Credential Exposure via Container Mount
CVSS 6.1
CVE-2021-1416 MEDIUM
Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Admin Portal
CVSS 6.5
CVE-2021-1412 MEDIUM
Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Admin Portal
CVSS 6.5
CVE-2021-1303 HIGH
Cisco Catalyst Center < 2.1.2.0 - Authenticated Privilege Escalation via Observer Role
CVSS 8.8
CVE-2020-25720 HIGH
Red Hat Enterprise Linux 6-10 - Incorrect Privilege Assignment in Samba Active Directory Object Creation
CVSS 7.5
CVE-2020-10728 HIGH
Automationbroker/apb <2.0.4-1 - Privilege Escalation
CVSS 7.8
CVE-2020-1742 HIGH
nmstate/kubernetes-nmstate-handler < v2.3.0-30 - Privilege Escalation
CVSS 7.0
CVE-2020-35514 HIGH
OpenShift < 4.7.0 - Insecure Privilege Assignment via Kubeconfig File Access
CVSS 7.0
CVE-2020-10695 HIGH
redhat-sso-7 - Privilege Escalation
CVSS 7.8
CVE-2020-16120 MEDIUM
Linux Kernel < 5.11 - Incorrect Privilege Assignment in Overlayfs
CVSS 5.1
CVE-2020-14318 MEDIUM
Samba 3.6.0-4.11.14 - Authenticated Improper Privilege Management
CVSS 4.3
CVE-2020-27122 MEDIUM
Cisco Identity Services Engine < 3.0.0 - Authenticated Privilege Escalation via Active Directory Integration
CVSS 6.7
CVE-2020-26182 MEDIUM
Dell EMC NetWorker <19.3.0.2 - Privilege Escalation
CVSS 6.8
CVE-2020-7334 HIGH
McAfee Application and Change Control < 8.3.2 - Improper Privilege Assignment via MSI Installer
CVSS 7.7
CVE-2020-7018 HIGH
Elastic Enterprise Search < 7.9.0 - Privilege Escalation via Developer Role Credential Exposure
CVSS 8.8
CVE-2020-7014 HIGH
Elasticsearch 6.7.0-6.8.7 and 7.0.0-7.6.1 - Privilege Escalation via API Key and Authentication Token Manipulation
CVSS 8.8
CVE-2020-6652 HIGH
Eaton Intelligent Power Manager < 1.67 - Privilege Escalation via Configuration Upload
CVSS 7.8
CVE-2020-1989 HIGH
Palo Alto Networks GlobalProtect Agent for Linux < 5.0.8 - Authenticated Privilege Escalation via Application File Write
CVSS 7.0
CVE-2020-7009 HIGH
Elasticsearch 6.7.0-6.8.7 and 7.0.0-7.6.1 - Privilege Escalation via API Key Generation
CVSS 8.8
CVE-2020-1705 HIGH
openshift/template-service-broker-operator <4.3.0 - Privilege Escal...
CVSS 7.0
CVE-2020-1704 HIGH
OpenShift ServiceMesh <1.0.8 - Privilege Escalation
CVSS 7.0
CVE-2020-1708 HIGH
openshift/mysql-apb - Privilege Escalation
CVSS 7.0