The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,833 vulnerabilities with CWE-269
CVE-2023-32487
HIGH
Dell PowerScale OneFS 9.2.1.0-9.2.1.21 and 9.5.0.0-9.5.0.2 - Privilege Escalation
CVSS 7.8
CVE-2023-21272
HIGH
Android - Local Privilege Escalation via URI Permission Grant
CVSS 7.8
CVE-2023-21269
HIGH
Android - Local Privilege Escalation via Background Activity PiP Mode Bypass
CVSS 7.8
CVE-2023-38721
HIGH
IBM i 7.2-7.5 - Local Privilege Escalation via Facsimile Support
CVSS 8.4
CVE-2023-0872
HIGH
OpenNMS Horizon 31.0.8-31.0.11 and Meridian 2020.0.0-2020.1.37 - Privilege Escalation via Users Endpoint
CVSS 8.2
CVE-2023-3160
HIGH
ESET Endpoint Antivirus - Improper Privilege Management via Module Update File Operations
CVSS 7.8
CVE-2023-4293
HIGH
Wpdownloadmanager Premium Packages - Sell Digital Products Securely < 5.7.5 - Privilege Escalation
CVSS 8.8
CVE-2023-30680
HIGH
Samsung Android - Incorrect Privilege Assignment in MMIGroup
CVSS 8.4
CVE-2023-37859
HIGH
PHOENIX CONTACT WP 6xxx Series Firmware < 4.0.10 - Authenticated Remote Code Execution via SNMP Daemon
CVSS 7.2
CVE-2023-4239
HIGH
Real Estate Manager <6.7.1 - Privilege Escalation
CVSS 8.8
CVE-2023-39211
HIGH
Zoom Desktop Client <5.15.5 - Info Disclosure
CVSS 8.8
CVE-2023-4009
HIGH
MongoDB Ops Manager <5.0.22, <6.0.17 - Privilege Escalation
CVSS 7.2
CVE-2023-39520
MEDIUM
Cryptomator < 1.9.3 - Local Privilege Escalation via MSI Installer Repair Function
CVSS 5.5
CVE-2023-4140
MEDIUM
WP Ultimate CSV Importer < 7.9.8 - Authenticated Privilege Escalation via wp_capabilities Parameter
CVSS 6.6
CVE-2023-20216
MEDIUM
Cisco BroadWorks - Privilege Escalation
CVSS 4.4
CVE-2023-31432
HIGH
Brocade Fabric OS <9.1.1c, 9.2.0 - Privilege Escalation
CVSS 7.8
CVE-2023-38496
MEDIUM
Apptainer <1.2.1 - Privilege Escalation
CVSS 6.1
CVE-2023-37907
HIGH
Cryptomator < 1.9.2 - Local Privilege Escalation via MSI Installer Repair Function
CVSS 7.0
CVE-2023-38058
MEDIUM
OTRS 8.0.0-8.0.34 - Authenticated Improper Privilege Management in Ticket Move Action
CVSS 4.1
CVE-2023-37917
CRITICAL
KubePi < 1.6.5 - Privilege Escalation via User Profile Update
CVSS 9.1
CVE-2023-38187
MEDIUM
Microsoft Edge < - Privilege Escalation
CVSS 6.5
CVE-2023-3467
HIGH
Citrix NetScaler ADC and Gateway 12.1-55.297 13.0-91.13 - Privilege Escalation to Root Administrator
CVSS 8.0
CVE-2023-30799
CRITICAL
MikroTik RouterOS < 6.48.7 and 6.34-6.49.7 - Authenticated Privilege Escalation via Winbox or HTTP Interface
CVSS 9.1
CVE-2023-22023
HIGH
Oracle Solaris <11 - Privilege Escalation
CVSS 7.8
CVE-2023-30989
HIGH
IBM Performance Tools for i <7.6 - Privilege Escalation
CVSS 8.4
Details
Vulnerabilities: 2,833
Exploit Likelihood: Medium