CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,832 vulnerabilities with CWE-269
CVE-2023-29066 LOW
FACSChorus - Improper Privilege Management in Local Application Data Folders
CVSS 3.2
CVE-2023-5960 MEDIUM
Zyxel ZLD 4.50-5.37 - Authenticated Improper Privilege Management in Hotspot Feature
CVSS 5.5
CVE-2023-5797 MEDIUM
Zyxel ZLD 4.32-5.37 - Authenticated Privilege Escalation via Debug CLI Command
CVSS 5.5
CVE-2023-5650 MEDIUM
Zyxel ZLD 4.32-5.37 - Authenticated Privilege Escalation via ZySH Registration Page URL Modification
CVSS 5.5
CVE-2023-37925 MEDIUM
Zyxel ZLD >=4.32 <5.37 - Authenticated Improper Privilege Management via Debug CLI Command
CVSS 5.5
CVE-2023-41808 HIGH
Pandora FMS 700-773 - Unauthenticated Privilege Escalation
CVSS 8.5
CVE-2023-41807 CRITICAL
Pandora FMS 700-773 - Privilege Escalation via System Shell
CVSS 9.1
CVE-2023-41806 HIGH
Pandora FMS 700-773 - Improper Privilege Management
CVSS 8.2
CVE-2023-20274 MEDIUM
Cisco AppDynamics PHP Agent - Privilege Escalation
CVSS 6.3
CVE-2023-6119 MEDIUM
Trellix GetSusp <5.0.0.27 - Privilege Escalation
CVSS 6.5
CVE-2023-44292 MEDIUM
Dell Repository Manager < 3.4.4 - Privilege Escalation via Installation Module
CVSS 6.7
CVE-2023-44282 MEDIUM
Dell Repository Manager < 3.4.3 - Privilege Escalation via Installation Module
CVSS 6.7
CVE-2023-39335 CRITICAL
Ivanti Endpoint Manager Mobile < 11.9.0 - Unauthenticated User Impersonation during Device Enrollment
CVSS 9.8
CVE-2023-31273 CRITICAL
Intel DCM <5.2 - Privilege Escalation
CVSS 10.0
CVE-2023-28737 HIGH
Intel(R) Aptio* V - Privilege Escalation
CVSS 8.8
CVE-2023-20565 HIGH
AMD Ryzen 3/5/7 Firmware < comboam4v2_1.2.0.b or < comboam5_1.0.7.0 - Privilege Escalation via SMM Code
CVSS 7.8
CVE-2023-20563 HIGH
AMD Ryzen 3/5/7 Firmware < comboam4v2_1.2.0.b or < comboam5_1.0.7.0 - Privilege Escalation via SMM
CVSS 7.8
CVE-2023-47629 HIGH
DataHub < 0.12.1 - Privilege Escalation via Invite Link Sign-Up
CVSS 7.1
CVE-2023-6099 HIGH
Szjocat Facial Love Cloud Platform < 1.0.55.0.0.1 - Improper Privilege Management
CVSS 7.3
CVE-2023-47611 HIGH
Telit Cinterion BGS5 EHS5/6/8 PDS5/6/8 ELS61/81 PLS62 - Privilege Escalation to Manufacturer Level
CVSS 7.8
CVE-2023-36024 HIGH
Microsoft Edge < - Privilege Escalation
CVSS 7.1
CVE-2023-5549 LOW
Moodle < 3.9.24 and >= 4.3.0-rc2 - Improper Access Control in Category Management
CVSS 3.3
CVE-2023-41138 HIGH
AppsAnywhere macOS - Command Injection
CVSS 7.5
CVE-2023-46758 HIGH
Multi-Screen Interaction Module - Info Disclosure
CVSS 7.5
CVE-2023-46756 MEDIUM
Window Management Module - Info Disclosure
CVSS 5.3