The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,834 vulnerabilities with CWE-269
CVE-2022-3421
MEDIUM
Google Drive < 64.0 - Privilege Escalation via Directory Symlink Attack
CVSS 5.6
CVE-2022-2249
HIGH
Avaya Aura Communication Manager 8.0.0.0-8.1.3.3 and 10.1.0.0 - Authenticated Privilege Escalation
CVSS 7.7
CVE-2022-41032
HIGH
NuGet Client - Privilege Escalation
CVSS 7.8
CVE-2022-3422
HIGH
tooljet < 1.26.1 - Account Takeover via Password Hash and Reset Token Exposure
CVSS 7.5
CVE-2022-2975
HIGH
Avaya Aura Application Enablement Ser... - Improper Privilege Management
CVSS 7.7
CVE-2022-2637
MEDIUM
Hitachi Storage Plug-in for VMware vCenter 04.8.0-04.8.9 - Authenticated Privilege Escalation
CVSS 5.4
CVE-2022-41975
HIGH
RealVNC VNC Server < 6.11.0 and VNC Viewer < 6.22.826 - Local Privilege Escalation via MSI Installer Repair Mode
CVSS 7.8
CVE-2022-39032
HIGH
Smart eVision - Privilege Escalation
CVSS 8.8
CVE-2022-41604
HIGH
Check Point ZoneAlarm Extreme Security <15.8.211.19229 - Privilege Escalation
CVSS 8.8
CVE-2022-32829
HIGH
iPadOS < 15.6 - Arbitrary Code Execution with Kernel Privileges
CVSS 7.8
CVE-2022-32826
HIGH
iPadOS < 15.6 - Improper Privilege Management
CVSS 7.8
CVE-2022-32819
HIGH
iPadOS < 15.6 - Improper Privilege Management
CVSS 7.8
CVE-2022-32801
HIGH
macOS 12.0-12.4 - Privilege Escalation to Root
CVSS 7.8
CVE-2022-32782
MEDIUM
macOS 12.0-12.3 - Unprotected User Data Exposure via Hardened Runtime Bypass
CVSS 4.4
CVE-2022-32781
MEDIUM
iPadOS < 15.5 - Unauthorized Private Information Access via Hardened Runtime Bypass
CVSS 4.4
CVE-2022-35257
HIGH
UI Desktop < 0.55.3.17 - Local Privilege Escalation
CVSS 7.8
CVE-2022-30121
MEDIUM
Ivanti Endpoint Manager < 2021.1.1 - Privilege Escalation via LANDesk Management Agent Service
CVSS 6.7
CVE-2022-3068
HIGH
octoprint/octoprint <1.8.3 - Privilege Escalation
CVSS 8.8
CVE-2022-3079
HIGH
Festo CPX-CEC-C1 and CPX-CMXX Firmware - Unauthenticated Denial of Service via Critical Webpage Functions
CVSS 7.5
CVE-2022-38351
HIGH
Suprema BioStar 2 <2.8.16 - Privilege Escalation
CVSS 8.8
CVE-2022-40142
HIGH
Trend Micro Apex One - Local Privilege Escalation via Security Link Following
CVSS 7.8
CVE-2022-39007
CRITICAL
Location Module - Privilege Escalation
CVSS 9.8
CVE-2022-36075
LOW
Nextcloud Files Access Control <1.12.2-1.14.1 - Info Disclosure
CVSS 2.6
CVE-2022-22483
MEDIUM
IBM Db2 9.7, 10.1, 10.5, 11.1, 11.5 - Unauthorized Information Disclosure via CREATE OR REPLACE Command
CVSS 6.5
CVE-2022-39203
HIGH
matrix-appservice-irc < 0.35.0 - Improper Privilege Management via Channel Combination
CVSS 8.8
Details
Vulnerabilities: 2,834
Exploit Likelihood: Medium