CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,838 vulnerabilities with CWE-269
CVE-2018-19411 HIGH
PRTG Network Monitor <18.2.40.1683 - Privilege Escalation
CVSS 8.8
CVE-2018-6080 MEDIUM
Google Chrome <65.0.3325.146 - Info Disclosure
CVSS 6.5
CVE-2018-3635 HIGH
Intel Rapid Storage Technology < 16.7 - Privilege Escalation via Installer Input Validation
CVSS 7.8
CVE-2018-2481 HIGH
SAP Advanced Business Application Pro... - Improper Privilege Management
CVSS 7.2
CVE-2018-15762 CRITICAL
Pivotal Operations Manager <2.0.24, <2.1.15, <2.2.7, <2.3.1 - Privilege Escalation
CVSS 9.0
CVE-2018-15321 MEDIUM
BIG-IP 11.2.1-11.5.6 - Authenticated Privilege Escalation via TMSH Command Bypass
CVSS 4.9
CVE-2018-14828 HIGH
Advantech WebAccess <8.3.1 - Privilege Escalation
CVSS 7.8
CVE-2018-13400 MEDIUM
Atlassian Jira < 7.6.9 - Improper Privilege Management
CVSS 4.7
CVE-2018-15592 HIGH
Ivanti Workspace Control < 10.3.10.0 - Authenticated Privilege Escalation via Named Pipe
CVSS 7.8
CVE-2018-12596 CRITICAL
Episerver Ektron CMS < 9.0 SP3 CU 31 / 9.1 < SP3 CU 45 / 9.2 < SP2 CU 22 - Unauthenticated Privilege Escalation
CVSS 9.8
CVE-2018-13802 HIGH
Siemens ROX II < 2.12.1 - Authenticated OS Command Execution via SSH
CVSS 7.2
CVE-2018-13801 HIGH
Siemens ROX II < 2.12.1 - Authenticated Privilege Escalation via SSH
CVSS 8.8
CVE-2018-17855 HIGH
Joomla! <3.8.13 - Privilege Escalation
CVSS 8.8
CVE-2018-0438 HIGH
Cisco Umbrella Enterprise Roaming Client < 2.1.127 - Privilege Escalation via File Permission Bypass
CVSS 7.8
CVE-2018-0437 HIGH
Cisco Umbrella Enterprise Roaming Client < 2.1.118 - Improper Privilege Management
CVSS 7.8
CVE-2018-0436 HIGH
Cisco Webex Teams < 10.6.0 - Authenticated Improper Access Control
CVSS 8.7
CVE-2018-0425 CRITICAL
Cisco RV110W RV130W RV215W - Unauthenticated Sensitive Information Disclosure via Web Management Interface
CVSS 9.8
CVE-2018-0503 MEDIUM
MediaWiki 1.27.0-1.27.4, 1.31.0 - Improper Privilege Management via Rate Limit Override
CVSS 4.3
CVE-2018-14808 MEDIUM
Emerson AMS Device Manager <14 - Privilege Escalation
CVSS 6.5
CVE-2018-1550 MEDIUM
IBM Tivoli Storage Manager 7.1.8.0-7.1.8.2 - Denial of Service via Sensitive Information Corruption
CVSS 6.2
CVE-2018-11614 HIGH
Samsung Members < 2.4.25 - Privilege Escalation via Intent Handling
CVSS 8.8
CVE-2018-10502 HIGH
Samsung Galaxy Apps <4.2.18.2 - Privilege Escalation
CVSS 7.8
CVE-2018-14825 MEDIUM
Honeywell Mobile Computers - Multiple Versions - Info Disclosure
CVSS 5.8
CVE-2018-11786 HIGH
Apache Karaf < 4.2.0 - Unauthenticated Arbitrary File Read and Write via SSH Console
CVSS 8.8
CVE-2018-13799 CRITICAL
SIMATIC WinCC OA < V3.14-P021 - Unauthenticated Privilege Escalation via Data Point Access
CVSS 9.1