CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,834 vulnerabilities with CWE-269
CVE-2022-27487 HIGH
FortiSandbox 2.5.0-4.2.2 and FortiDeceptor 1.0-4.1.0 - Authenticated Unauthorized API Access via Crafted HTTP Requests
CVSS 8.8
CVE-2022-48227 HIGH
Acuant AsureID Sentinel < 5.2.149 - Privilege Escalation via Notepad Execution
CVSS 7.8
CVE-2022-48226 HIGH
Acuant AcuFill SDK < 10.22.02.03 - Privilege Escalation via Temp Directory EXE Execution
CVSS 7.8
CVE-2022-48353 CRITICAL
Huawei EMUI - Improper Privilege Management
CVSS 9.8
CVE-2022-43863 MEDIUM
IBM QRadar SIEM <7.5 - Privilege Escalation
CVSS 6.7
CVE-2022-48365 HIGH
Ibexa Digital Experience Platform 3.3.0-3.3.27 - Improper Privilege Management via Company Admin Role
CVSS 7.2
CVE-2022-39953 HIGH
Fortinet FortiNAC Privilege Escalation via Crafted Commands
CVSS 7.8
CVE-2022-45988 HIGH
starsoftcomm CooCare < 5.364 - Privilege Escalation via Crafted File Upload
CVSS 7.8
CVE-2022-45608 HIGH
ThingsBoard 3.4.1 - Privilege Escalation via Authority Parameter Manipulation
CVSS 8.8
CVE-2022-27677 HIGH
AMD Ryzen Master < 2.10.1.2287 - Privilege Escalation via Improper Privilege Validation
CVSS 7.8
CVE-2022-32949 HIGH
iPadOS < 15.7.1 - Arbitrary Code Execution with Kernel Privileges
CVSS 7.8
CVE-2022-32900 HIGH
macOS 11.0-11.7 - Privilege Escalation via Logic Issue
CVSS 7.8
CVE-2022-48284 CRITICAL
Huawei HiLink AI Life - Incorrect Privilege Assignment
CVSS 9.8
CVE-2022-48283 CRITICAL
Huawei HiLink AI Life - Incorrect Privilege Assignment
CVSS 9.8
CVE-2022-48341 HIGH
ThingsBoard 3.4.1 - Authenticated Vertical Privilege Escalation via Scopes Parameter
CVSS 8.8
CVE-2022-43927 MEDIUM
IBM Db2 10.5, 11.1, 11.5 - Information Disclosure via Specially Crafted Table Access
CVSS 5.9
CVE-2022-38378 MEDIUM
Fortinet FortiOS <7.2.0-7.0.7 - Privilege Escalation
CVSS 4.2
CVE-2022-42455 HIGH
ASUS Armoury Crate < 5.3.4.1 - Improper Privilege Management via EC Tool Driver IOCTL Handlers
CVSS 7.8
CVE-2022-42735 HIGH
Apache ShenYu 2.5.0 - Privilege Escalation via User Creation
CVSS 8.8
CVE-2022-34384 HIGH
Dell SupportAssist and Update < 4.5.0 - Local Privilege Escalation in Advanced Driver Restore
CVSS 7.8
CVE-2022-48286 HIGH
Huawei EMUI and HarmonyOS - Privilege Escalation in Multi-Screen Collaboration Module
CVSS 7.5
CVE-2022-38777 HIGH
Elastic Endpoint Security - Privilege Escalation
CVSS 7.8
CVE-2022-43759 HIGH
SUSE Rancher <2.5.17-2.6.10 - Privilege Escalation
CVSS 7.2
CVE-2022-48019 HIGH
Another Eden < 2.14.200 and < 3.0.20 - Privilege Escalation via wfshbr64.sys and wfshbr32.sys
CVSS 7.8
CVE-2022-3990 HIGH
HPSFViewer < 8.6.3.1 - Privilege Escalation
CVSS 7.8