The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,838 vulnerabilities with CWE-269
CVE-2018-9022
CRITICAL
Broadcom Privileged Access Manager < 2.8.2 - Unauthenticated Remote Code Execution via Configuration File Poisoning
CVSS 9.8
CVE-2018-9021
CRITICAL
Broadcom Privileged Access Manager < 2.8.2 - Authentication Bypass and Remote Command Execution
CVSS 9.8
CVE-2018-5756
MEDIUM
Open-xchange Appsuite < 7.6.3 - Improper Privilege Management
CVSS 4.3
CVE-2018-1460
HIGH
IBM PureData System for Analytics <1.0.0 - Privilege Escalation
CVSS 8.4
CVE-2018-12261
MEDIUM
Momentum Axel 720P 5.1.8 - Privilege Escalation
CVSS 4.4
CVE-2018-5166
HIGH
Firefox < 60 - Open Redirect
CVSS 7.5
CVE-2018-11190
HIGH
Quest DR Series Disk Backup < 4.0.3.1 - Privilege Escalation
CVSS 8.8
CVE-2018-1495
MEDIUM
IBM FlashSystem - Privilege Escalation
CVSS 6.5
CVE-2018-6674
MEDIUM
McAfee VirusScan Enterprise < 8.8 Patch 13 - Privilege Escalation via McTray.exe
CVSS 6.8
CVE-2018-1134
MEDIUM
Moodle 3.1.0-3.1.11 and 3.1-3.1.12 - Unauthenticated Arbitrary File Download via Portfolio Export URL
CVSS 6.5
CVE-2018-11323
HIGH
Joomla! < 3.8.8 - Improper Privilege Management
CVSS 8.8
CVE-2018-1000400
HIGH
Kubernetes CRI-O <1.9 - Privilege Escalation
CVSS 8.8
CVE-2018-8841
HIGH
Advantech WebAccess <8.3.1 - Privilege Escalation
CVSS 7.8
CVE-2018-8853
HIGH
Philips Brilliance <2.6.2 - Privilege Escalation
CVSS 8.8
CVE-2018-10168
HIGH
TP-Link EAP/Omada <2.5.4/2.6.0 - Privilege Escalation
CVSS 8.8
CVE-2018-0245
MEDIUM
Cisco 5500 and 8500 Series Wireless LAN Controller Software - Unauthenticated Information Disclosure via REST API URL
CVSS 5.3
CVE-2018-10550
HIGH
Octopus Deploy <2018.4.7 - Info Disclosure
CVSS 7.5
CVE-2018-10079
HIGH
Geist WatchDog Console <3.2.2 - Info Disclosure
CVSS 7.8
CVE-2018-10190
HIGH
Private Internet Access VPN Client v77 - Unauthenticated Privilege Escalation
CVSS 7.8
CVE-2018-10172
HIGH
7-Zip <18.01 - Privilege Escalation
CVSS 8.8
CVE-2018-4173
MEDIUM
iPhone OS < 11.3 and macOS < 10.13.4 - Unauthorized Microphone Access via Status Bar
CVSS 5.5
CVE-2018-1000141
CRITICAL
I, Librarian <4.9 - Privilege Escalation
CVSS 9.1
CVE-2018-4844
MEDIUM
SIMATIC WinCC OA UI < 3.15.10 - Improper Access Control via HMI Project Cache Folder
CVSS 6.7
CVE-2018-1000133
HIGH
Pitchfork <1.4.6.1 - Privilege Escalation
CVSS 7.5
CVE-2018-1182
HIGH
EMC RSA <7.0.2 - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities: 2,838
Exploit Likelihood: Medium