CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,838 vulnerabilities with CWE-269
CVE-2017-15052 MEDIUM
TeamPass < 2.1.27.9 - Authenticated Privilege Escalation via users.queries.php ID Parameter Tampering
CVSS 4.9
CVE-2017-1000241 HIGH
OpenEMR <5.0.1 - Privilege Escalation
CVSS 8.1
CVE-2017-12635 CRITICAL
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
CVSS 9.8
CVE-2017-16520 HIGH
Inedo BuildMaster <5.8.2 - Privilege Escalation
CVSS 7.5
CVE-2017-14031 HIGH
Trihedral VTScada <11.3.03 - Info Disclosure
CVSS 7.8
CVE-2017-1000156 MEDIUM
Mahara <15.04.9, <15.10.5, <16.04.3 - Privilege Escalation
CVSS 6.5
CVE-2017-9450 HIGH
aws-cfn-bootstrap <1.4-19.10 - Code Injection
CVSS 7.8
CVE-2017-5084 LOW
Google Chrome OS <59.0.3071.92 - Info Disclosure
CVSS 3.3
CVE-2017-15917 MEDIUM
Paessler PRTG Network Monitor 17.3.33.2830 - Improper Privilege Management via Map Creation Request Forgery
CVSS 6.5
CVE-2017-14330 MEDIUM
Extreme EXOS <22.x - Privilege Escalation
CVSS 6.7
CVE-2017-14329 MEDIUM
ExtremeXOS 16.x 21.x 22.x - Authenticated Privilege Escalation via exsh Debug Shell
CVSS 6.7
CVE-2017-10292 LOW
Oracle Database 11.2.0.4 12.1.0.2 12.2.0.1 - Authenticated Unauthorized Data Manipulation in RDBMS Security
CVSS 2.3
CVE-2017-15014 MEDIUM
OpenText Documentum Content Server < 7.3 - Authenticated Arbitrary File Download via DATA_TICKET Manipulation
CVSS 4.3
CVE-2017-15013 HIGH
OpenText Documentum Content Server < 7.3 - Authenticated Privilege Escalation via dmr_content Object Manipulation
CVSS 8.8
CVE-2017-10857 MEDIUM
Cybozu Office 10.0.0-10.6.1 - Authenticated Privilege Escalation via Cabinet Function
CVSS 4.3
CVE-2017-5722 HIGH
Intel Nuc7i7bnh Firmware - Improper Privilege Management
CVSS 7.5
CVE-2017-13721 MEDIUM
X.Org Server < 1.19.4 - Authenticated Shared Memory Segment Replacement
CVSS 4.7
CVE-2017-12728 HIGH
SpiderControl SCADA Web Server < 2.02.0007 - Authenticated Privilege Escalation via Service Executable Modification
CVSS 7.8
CVE-2017-1000104 MEDIUM
Config File Provider Plugin < 2.16.1 - Unauthenticated Sensitive File Access
CVSS 6.5
CVE-2017-14349 CRITICAL
HPE SiteScope 11.2x and 11.3x - Improper Privilege Management
CVSS 9.8
CVE-2017-8448 HIGH
Elastic X-Pack Alerting 5.0.0-5.6.0 - Improper Privilege Management via Watch Creation
CVSS 8.8
CVE-2017-8447 MEDIUM
Elastic X-Pack Security 5.3.0-5.5.2 - Improper Privilege Management
CVSS 6.5
CVE-2017-9724 HIGH
Qualcomm Android - Privilege Escalation
CVSS 7.8
CVE-2017-14484 HIGH
Gentoo sci-mathematics/gimps <28.10-r1 - Privilege Escalation
CVSS 7.3
CVE-2017-14124 MEDIUM
eLux RP <5.5.1000-5.6.2 - Privilege Escalation
CVSS 6.3
Details
Vulnerabilities: 2,838
Exploit likelihood: Medium