CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,832 vulnerabilities with CWE-269
CVE-2023-40106 HIGH
Android - Local Privilege Escalation via Background Activity Launch Bypass
CVSS 7.8
CVE-2023-45581 HIGH
FortiClientEMS 7.2.0-7.2.2 and < 7.0.10 - Authenticated Privilege Escalation via HTTP Requests
CVSS 8.8
CVE-2023-25535 HIGH
Dell SupportAssist for Home PCs < 3.13.2.19 - Local Privilege Escalation via Installer Executable
CVSS 7.2
CVE-2023-52431 HIGH
Plack::Middleware::XSRFBlock < 0.0.19 - CSRF Protection Bypass via Empty Form Value and Cookie
CVSS 8.8
CVE-2023-47132 CRITICAL
n-able n-central < 2023.7 - Privilege Escalation via API Calls
CVSS 9.8
CVE-2023-32451 HIGH
Dell Display Manager < 2.1.1.17 - Code Injection
CVSS 7.3
CVE-2023-28049 MEDIUM
Dell Command | Monitor < 10.9.1 - Authenticated Arbitrary Folder Deletion
CVSS 4.7
CVE-2023-31005 MEDIUM
IBM Security Verify Access - Privilege Escalation
CVSS 6.2
CVE-2023-36496 HIGH
Delegated Admin Privilege - Privilege Escalation
CVSS 7.7
CVE-2023-43317 HIGH
Coign CRM Portal < 6.06 - Privilege Escalation
CVSS 8.8
CVE-2023-52337 HIGH
Trend Micro Deep Security 20.0 - Privilege Escalation via Improper Access Control
CVSS 7.8
CVE-2023-52093 HIGH
Trend Micro Apex One - Privilege Escalation
CVSS 7.8
CVE-2023-47201 HIGH
Trend Micro Apex One < 14.0.12737 - Local Privilege Escalation via Plug-in Manager Origin Validation
CVSS 7.8
CVE-2023-52105 HIGH
Huawei HarmonyOS - Privilege Escalation
CVSS 7.5
CVE-2023-52116 HIGH
Multi-Screen Interaction Module - Info Disclosure
CVSS 7.5
CVE-2023-52114 HIGH
Huawei EMUI and HarmonyOS - Data Confidentiality Vulnerability in ScreenReader Module
CVSS 7.5
CVE-2023-52107 HIGH
Huawei EMUI and HarmonyOS - Improper Privilege Management in WMS Module
CVSS 7.5
CVE-2023-6740 HIGH
Checkmk < 2.2.0p18, 2.1.0p38, 2.0.0p39 - Privilege Escalation via jar_signature Agent Plugin
CVSS 8.8
CVE-2023-6735 HIGH
Checkmk < 2.2.0p18, 2.1.0p38, 2.0.0p39 - Privilege Escalation via mk_tsm Agent Plugin
CVSS 8.8
CVE-2023-44250 HIGH
FortiProxy 7.4.0-7.4.1 and 7.2.5 - Authenticated Privilege Escalation via HTTP/HTTPS Requests
CVSS 8.8
CVE-2023-47145 HIGH
IBM Db2 10.5-11.5 - Privilege Escalation via MSI Repair Functionality
CVSS 8.4
CVE-2023-41784 MEDIUM
ZTE Red Magic 8 Pro Firmware - Improper Privilege Management
CVSS 6.6
CVE-2023-30617 MEDIUM
Kruise < 1.3.1-1.5.2 - Privilege Escalation
CVSS 6.5
CVE-2023-50921 CRITICAL
GL.iNet Firmware - Unauthenticated Privilege Escalation via add_user Interface
CVSS 9.8
CVE-2023-41776 MEDIUM
ZTE ZXCLOUD iRAI < 7.23.32 - Local Privilege Escalation via Fake Process Creation
CVSS 6.7