CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,834 vulnerabilities with CWE-269
CVE-2023-28758 HIGH
Veritas NetBackup <8.3.0.2 - Info Disclosure
CVSS 7.1
CVE-2023-28434 HIGH KEV
Minio <RELEASE.2023-03-20T20-16-18Z - Auth Bypass
CVSS 8.8
CVE-2023-25590 HIGH
ClearPass Policy Manager - Privilege Escalation via OnGuard Linux Agent
CVSS 7.8
CVE-2023-21458 MEDIUM
Samsung Android - Improper Privilege Management in PhoneStatusBarPolicy
CVSS 6.2
CVE-2023-24760 HIGH
Ofcms <1.1.4 - Privilege Escalation
CVSS 8.8
CVE-2023-28339 HIGH
OpenDoas < 6.8.2 - Privilege Escalation via TIOCSTI Terminal Sharing
CVSS 8.8
CVE-2023-27589 MEDIUM
Minio RELEASE.2020-12-23T02-24-12Z-RELEASE.2023-03-13T19-46-17Z - Privilege Escalation via Root Credential Overwrite
CVSS 6.5
CVE-2023-23412 HIGH
Windows 10 and Windows Server - Elevation of Privilege via Accounts Picture
CVSS 7.8
CVE-2023-25144 HIGH
Trend Micro Apex One < 14.0.11960 - Improper Privilege Management
CVSS 7.8
CVE-2023-26600 MEDIUM
ManageEngine - Privilege Escalation
CVSS 6.5
CVE-2023-26604 HIGH
systemd <247 - Privilege Escalation
CVSS 7.8
CVE-2023-26475 CRITICAL
XWiki Platform <2.3-milestone-1 - RCE
CVSS 9.9
CVE-2023-23497 HIGH
macOS 11.0-11.7.2 - Privilege Escalation to Root via Logic Issue
CVSS 7.8
CVE-2023-24483 HIGH
Citrix Virtual Apps and Desktops - Privilege Escalation
CVSS 7.8
CVE-2023-25011 HIGH
NEC PC Settings Tool < 10.1.26.0 and <= 11.0.22.0 - Privilege Escalation via Registry Write
CVSS 7.8
CVE-2023-21777 HIGH
Azure App Service on Azure Stack Hub - Privilege Escalation
CVSS 8.7
CVE-2023-25149 HIGH
TimescaleDB 2.8.0-2.9.2 - Privilege Escalation via Telemetry Job Search Path
CVSS 8.8
CVE-2023-21421 MEDIUM
Samsung Android KnoxCustomManagerService - Improper Privilege Management
CVSS 5.9
CVE-2023-20854 HIGH
VMware Workstation - Arbitrary File Deletion
CVSS 8.4
CVE-2023-0524 HIGH
Nessus - Privilege Escalation via Plugin Environment Variable Manipulation
CVSS 8.8
CVE-2023-23629 MEDIUM
Metabase < 0.43.7.1 - Improper Privilege Management via Dashboard Subscription
CVSS 6.3
CVE-2023-23610 MEDIUM
GLPI < 9.5.12 - Improper Privilege Management via Data Export
CVSS 6.5
CVE-2023-0101 HIGH
Nessus <10.4.1 - Privilege Escalation
CVSS 8.8
CVE-2023-22331 HIGH
CONPROSYS HMI System <3.4.5 - Info Disclosure
CVSS 7.5
CVE-2023-0242 HIGH
Rapid7 Velociraptor - Privilege Escalation
CVSS 8.8