CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,834 vulnerabilities with CWE-269
CVE-2022-46334 HIGH
Proofpoint Enterprise Protection <8.19.0 - Privilege Escalation
CVSS 7.8
CVE-2022-38065 HIGH
OpenStack <05194e7618 - Privilege Escalation
CVSS 8.8
CVE-2022-38060 HIGH
OpenStack Kolla - Privilege Escalation
CVSS 8.8
CVE-2022-42046 HIGH
wfs heaven_burns_red < 2.5.0 - Local Privilege Escalation via IOCTL
CVSS 7.8
CVE-2022-46327 CRITICAL
Some Smartphones - Privilege Escalation
CVSS 9.8
CVE-2022-31707 HIGH
vRealize Operations 8.6.0-8.6.4.20823815 - Privilege Escalation
CVSS 7.2
CVE-2022-42855 HIGH
iPadOS < 15.7.2 - Improper Privilege Management
CVSS 7.1
CVE-2022-42849 HIGH
iPadOS < 16.2 - Privilege Escalation via Privileged API Calls
CVSS 7.8
CVE-2022-44689 HIGH
Windows Subsystem for Linux - Privilege Escalation
CVSS 7.8
CVE-2022-38124 MEDIUM
Secomea SiteManager - Privilege Escalation
CVSS 5.7
CVE-2022-41268 HIGH
SAP - Privilege Escalation
CVSS 8.5
CVE-2022-4314 CRITICAL
ikus060/rdiffweb <2.5.2 - Privilege Escalation
CVSS 9.8
CVE-2022-37929 MEDIUM
HPE Nimble Storage Arrays < 5.2.1.900 - Privilege Management Issue
CVSS 6.7
CVE-2022-3641 HIGH
Devolutions Remote Desktop Manager 2022.3.13-2022.3.24 - Authenticated Privilege Escalation in Azure SQL Data Source
CVSS 8.8
CVE-2022-23485 MEDIUM
Sentry 20.6.0-22.10.0 - Improper Access Control via Invite Link Cookie Manipulation
CVSS 6.4
CVE-2022-4264 MEDIUM
M-Files < 22.8.11691.0 - Incorrect Privilege Assignment in Web (Classic)
CVSS 6.5
CVE-2022-41948 MEDIUM
DHIS 2 2.34.0-2.36.12.1 - Authenticated Privilege Escalation via HTTP PUT Request
CVSS 6.7
CVE-2022-42888 CRITICAL
ARMember < 5.5.1 - Unauthenticated Privilege Escalation
CVSS 9.8
CVE-2022-4173 HIGH
Avast and AVG Antivirus 20.5-22.9 - Privilege Escalation via Malware Removal Functionality
CVSS 7.3
CVE-2022-32633 MEDIUM
Android - Local Privilege Escalation in Wi-Fi Component
CVSS 6.7
CVE-2022-4281 MEDIUM
Facepay 1.0 - Authorization Bypass via userId Parameter
CVSS 6.3
CVE-2022-46410 HIGH
Veritas NetBackup Flex Scale <3.0 - Privilege Escalation
CVSS 8.8
CVE-2022-4270 LOW
M-Files Server < 22.5.11436.1 - Incorrect Privilege Assignment in M-Files Web
CVSS 2.0
CVE-2022-23737 MEDIUM
GitHub Enterprise Server < 3.2.20 - Improper Privilege Management via API
CVSS 6.5
CVE-2022-1606 LOW
M-Files Server < 22.3.11237.3 - Incorrect Privilege Assignment
CVSS 2.4