CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,830 vulnerabilities with CWE-269
CVE-2024-1764 HIGH
Devolutions Server < 2023.3.16.0 - Improper Privilege Management in JIT Elevation Module
CVSS 7.6
CVE-2024-25847 CRITICAL
MyPrestaModules Product Catalog Import < 6.5.0 - SQL Injection & Privilege Escalation
CVSS 9.8
CVE-2024-25842 HIGH
Presta World Account Manager < 9.0.0 - Privilege Escalation & Info Disclosure
CVSS 7.5
CVE-2024-0819 HIGH
TeamViewer <15.51.5 - Privilege Escalation
CVSS 7.3
CVE-2024-0197 HIGH
Thales SafeNet Sentinel HASP LDK < 9.16 - Privilege Escalation via Installer
CVSS 7.8
CVE-2024-24402 CRITICAL
Nagios XI 2024R1.01 - Privilege Escalation via npcd Script Injection
CVSS 9.8
CVE-2024-0439 HIGH
AnythingLLM < 1.0.0 - Improper Privilege Management via HTTP Request
CVSS 8.8
CVE-2024-22235 MEDIUM
VMware Aria Operations - Privilege Escalation
CVSS 6.7
CVE-2024-21892 HIGH
Node.js 18.0.0-18.19.1 - Privilege Escalation via Incorrect CAP_NET_BIND_SERVICE Exception
CVSS 7.8
CVE-2024-0622 HIGH
OpenText Operations Agent <12.25 - Privilege Escalation
CVSS 8.8
CVE-2024-0353 HIGH
ESET Endpoint Antivirus < 8.1.2062.0 - Local Privilege Escalation via File Deletion
CVSS 7.8
CVE-2024-25106 CRITICAL
OpenObserve < 0.8.0 - Authenticated Unauthorized User Removal via /api/{org_id}/users/{email_id} Endpoint
CVSS 9.1
CVE-2024-24830 CRITICAL
OpenObserve < 0.8.0 - Authenticated Privilege Escalation via User Creation Endpoint
CVSS 9.9
CVE-2024-23764 MEDIUM
WithSecure Client Security 15 and later - Local Privilege Escalation
CVSS 6.7
CVE-2024-22795 HIGH
Forescout SecureConnector <11.3.06.0063 - Privilege Escalation
CVSS 7.0
CVE-2024-22239 MEDIUM
Aria Operations for Networks - Privilege Escalation
CVSS 5.3
CVE-2024-22237 HIGH
Aria Operations for Networks - Privilege Escalation
CVSS 7.8
CVE-2024-24747 HIGH
MinIO < 0.0.0-20240131185645-0ae4915a9391 - Improper Privilege Management via Access Key Permission Inheritance
CVSS 8.8
CVE-2024-21888 HIGH
Ivanti Connect Secure 9.x, 22.x and Policy Secure 9.x, 22.x - Privilege Escalation
CVSS 8.8
CVE-2024-0833 HIGH
Telerik Test Studio <v2023.3.1330 - Privilege Escalation
CVSS 7.8
CVE-2024-0832 HIGH
Telerik Reporting <2024 R1 - Privilege Escalation
CVSS 7.8
CVE-2024-0219 HIGH
Telerik JustDecompile < 2019.1.118.0 - Privilege Escalation via Installer Manipulation
CVSS 7.8
CVE-2024-0674 MEDIUM
Lamassu Bitcoin ATM Douro 7.1 - Privilege Escalation
CVSS 6.3
CVE-2024-21985 HIGH
ONTAP 9 <9.9.1P18-9.13.1P4 - Privilege Escalation
CVSS 7.6
CVE-2024-23620 HIGH
IBM Merge Healthcare eFilm Workstation < 4.2 - Authenticated Privilege Escalation
CVSS 8.8