CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,838 vulnerabilities with CWE-269
CVE-2017-1000082 CRITICAL
systemd <233 - Privilege Escalation
CVSS 9.8
CVE-2017-1326 MEDIUM
IBM Sterling File Gateway - Privilege Escalation
CVSS 4.3
CVE-2017-7922 HIGH
Cambium Networks ePMP - Improper Privilege Management via SNMP Community Strings
CVSS 7.6
CVE-2017-7918 MEDIUM
Cambium Networks ePMP - Improper Access Control via SNMP Configuration Export
CVSS 6.8
CVE-2017-4992 CRITICAL
Cloud Foundry Foundation cf-release <v261 - Privilege Escalation
CVSS 9.8
CVE-2017-4991 HIGH
Cloud Foundry Foundation cf-release <v260 - Privilege Escalation
CVSS 7.2
CVE-2017-4973 HIGH
Cloud Foundry Foundation cf-release <v257 - Privilege Escalation
CVSS 8.8
CVE-2017-9324 HIGH
OTRS 3.3.x-5.0.19 - Privilege Escalation
CVSS 8.8
CVE-2017-7312 CRITICAL
Personify360 e-Business <7.6.1 - Info Disclosure
CVSS 9.8
CVE-2017-8438 HIGH
Elastic X-Pack Security 5.0.0-5.4.0 - Improper Privilege Management in run_as Functionality
CVSS 8.8
CVE-2017-7505 HIGH
Foreman <1.5 - Privilege Escalation
CVSS 8.8
CVE-2017-6623 HIGH
Cisco Policy Suite 10.0.0, 10.1.0, 11.0.0 - Authenticated Privilege Escalation via Sudoers Misconfiguration
CVSS 7.8
CVE-2017-7489 MEDIUM
Moodle 2.x-3.x - Privilege Escalation
CVSS 6.3
CVE-2017-4982 CRITICAL
EMC Mainframe Enablers ResourcePak Base <8.1.0 - Privilege Escalation
CVSS 9.8
CVE-2017-5689 CRITICAL KEV
Intel AMT Digest Authentication Bypass Scanner
CVSS 9.8
CVE-2017-8114 HIGH
Roundcube Webmail < 1.0.11, 1.1.x < 1.1.9, 1.2.x < 1.2.5 - Authenticated Arbitrary Password Reset via Password Plugin
CVSS 8.8
CVE-2017-2094 MEDIUM
Cybozu Garoon 3.0.0-4.2.3 - Authenticated Privilege Escalation in Workflow and MultiReport
CVSS 4.3
CVE-2017-8308 HIGH
Avast Antivirus < 12.3.2279 - Unauthenticated Privilege Escalation via Trusted Process Bypass
CVSS 7.5
CVE-2017-6339 MEDIUM
Trend Micro InterScan Web Security Virtual Appliance < 6.5 CP 1746 - Privilege Escalation via Certificate Handling
CVSS 6.5
CVE-2017-0360 MEDIUM
Tryton 3.x-4.2.2 - Authenticated Arbitrary File Read via Same Root Name Suffix Attack
CVSS 5.3
CVE-2017-5671 HIGH
Honeywell Intermec Printers < 10.11.013310 - Local Privilege Escalation via BusyBox Jailbreak
CVSS 8.8
CVE-2017-6507 MEDIUM
AppArmor < 2.12 - Improper Privilege Management via Profile Handling
CVSS 5.9
CVE-2017-5207 HIGH
Firejail <0.9.44.4 - Privilege Escalation
CVSS 7.8
CVE-2017-5623 MEDIUM
OxygenOS < 4.0.3 - Improper Privilege Management via Fastboot Command
CVSS 6.6
CVE-2017-6954 MEDIUM
BuddyPress Docs <1.9.3 - Privilege Escalation
CVSS 4.3