CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,829 vulnerabilities with CWE-269
CVE-2024-24409 HIGH
ManageEngine ADManager Plus <= 7203 - Privilege Escalation via Modify Computers Option
CVSS 8.8
CVE-2024-8424 HIGH
WatchGuard EPDR <8.00.23.0000, Panda AD360 <8.00.23.0000, Panda Dom...
CVSS 7.8
CVE-2024-8810 MEDIUM
GitHub Enterprise Server <3.14 - Privilege Escalation
CVSS 6.5
CVE-2024-10203 HIGH
Zohocorp Manageengine Endpoint Central < 11.3.2416.21 - Improper Privilege Management
CVSS 7.0
CVE-2024-51521 MEDIUM
HarmonyOS - Denial of Service via Background Service Input Parameter
CVSS 5.7
CVE-2024-20374 MEDIUM
Cisco Secure Firewall Management Center - Command Injection
CVSS 6.5
CVE-2024-48903 HIGH
Trend Micro Deep Security Agent < 20.0.1 - Privilege Escalation
CVSS 7.8
CVE-2024-9002 HIGH
Schneider Electric Easergy Studio - Improper Privilege Management via Binary Tampering
CVSS 7.8
CVE-2024-22068 MEDIUM
ZTE ZXR10 Series Firmware < 6.00.10 - Improper Privilege Management
CVSS 6.0
CVE-2024-9518 CRITICAL
UserPlus < 2.0 - Unauthenticated Privilege Escalation via Role Parameter
CVSS 9.8
CVE-2024-38818 MEDIUM
VMware NSX 4.x and VMware Cloud Foundation 5.x - Authenticated Privilege Escalation
CVSS 6.7
CVE-2024-9471 MEDIUM
Palo Alto Networks PAN-OS 9.0.0-9.9.9 - Authenticated Privilege Escalation via XML API Key Misuse
CVSS 4.7
CVE-2024-3057 CRITICAL
NetApp FlashArray - Privilege Escalation
CVSS 9.8
CVE-2024-45919 MEDIUM
Solvait 24.4.2 - Privilege Escalation via Request ID and Action Type Manipulation
CVSS 6.5
CVE-2024-45297 MEDIUM
Discourse < 3.3.2 and < 3.4.0 - Improper Privilege Management
CVSS 5.3
CVE-2024-44439 MEDIUM
Shanghai Zhouma Network Tech IMS IoT <1.9.1 - Privilege Escalation
CVSS 5.9
CVE-2024-44097 CRITICAL
Google Nest Doorbell (Battery) Firmware < 1.73c - Improper Certificate Validation
CVSS 9.8
CVE-2024-9265 CRITICAL
Echo RSS Feed Post Generator <= 5.4.6 - Unauthenticated Privilege Escalation via Registration Role Manipulation
CVSS 9.8
CVE-2024-28813 HIGH
Infinera hiT 7300 5.60.50 - Improper Privilege Management via Undocumented @CT Functions
CVSS 8.4
CVE-2024-46549 HIGH
TP-Link Kasa KP125M <1.0.3 - Open Redirect
CVSS 7.6
CVE-2024-22893 HIGH
OpenSlides 4.0.15 - Info Disclosure
CVSS 7.5
CVE-2024-45373 HIGH
ProGauge MAGLINK LX4 CONSOLE - Privilege Escalation
CVSS 8.8
CVE-2024-8263 LOW
GitHub Enterprise - Privilege Escalation
CVSS 2.7
CVE-2024-44540 MEDIUM
Ubiquiti AirMax <8 - Privilege Escalation
CVSS 6.6
CVE-2024-39342 MEDIUM
Entrust Instant Financial Issuance <6.10.0 - Privilege Escalation
CVSS 6.6