CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,835 vulnerabilities with CWE-269
CVE-2022-30526 HIGH
Zyxel Firewall Firmware - Privilege Escalation via CLI Command
CVSS 7.8
CVE-2022-26118 MEDIUM
FortiManager & FortiAnalyzer <7.0.4 - Privilege Escalation
CVSS 6.7
CVE-2022-34754 MEDIUM
Acti9 PowerTag Link C (A9XELC10-A) < 1.7.5 & (A9XELC10-B) < 2.12.0 - Unauthenticated Privilege Escalation
CVSS 6.8
CVE-2022-33710 HIGH
Galaxy Store <4.5.41.8 - Privilege Escalation
CVSS 7.8
CVE-2022-33709 HIGH
Galaxy Store <4.5.41.8 - Privilege Escalation
CVSS 7.8
CVE-2022-33708 HIGH
Galaxy Store <4.5.41.8 - Privilege Escalation
CVSS 7.8
CVE-2022-23720 HIGH
PingID Windows Login <2.8 - Privilege Escalation
CVSS 7.5
CVE-2022-31039 MEDIUM
Greenlight <2.12.6 - Info Disclosure
CVSS 4.3
CVE-2022-22390 HIGH
IBM Db2 9.7, 10.1, 10.5, 11.1, 11.5 - Information Disclosure via Table Function
CVSS 7.5
CVE-2022-2104 CRITICAL
SEPCOs Control and Protection Relay Firmware 1.23.0-1.23.21 - Improper Privilege Management via Sudo Configuration
CVSS 9.9
CVE-2022-1517 CRITICAL
Illumina Local Run Manager 1.3 to 3.1 - Unauthenticated Remote Code Execution
CVSS 10.0
CVE-2022-32536 HIGH
Bosch PRA-ES8P2S Firmware < 1.01.05 - Improper Privilege Management
CVSS 8.8
CVE-2022-32535 MEDIUM
Bosch Ethernet switch PRA-ES8P2S <1.01.05 - Privilege Escalation
CVSS 4.8
CVE-2022-29526 MEDIUM
Go < 1.17.10 - Improper Privilege Management
CVSS 5.3
CVE-2022-1823 HIGH
McAfee Consumer Product Removal Tool < 10.4.128 - Privilege Escalation via Configuration File Tampering
CVSS 7.9
CVE-2022-26668 HIGH
ASUS Control Center API - Privilege Escalation
CVSS 7.3
CVE-2022-2023 CRITICAL
polonel/trudesk <1.2.4 - Privilege Escalation
CVSS 9.8
CVE-2022-34006 HIGH
TitanFTP NextGen <1.2.1050 - Privilege Escalation
CVSS 7.8
CVE-2022-26057 MEDIUM
Mint WorkBench - Privilege Escalation
CVSS 6.7
CVE-2022-20819 MEDIUM
Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Web Management Interface
CVSS 6.5
CVE-2022-31594 MEDIUM
SUID-root Program - Privilege Escalation
CVSS 6.7
CVE-2022-29614 MEDIUM
SAP Host Agent - Local Privilege Escalation via sapuxuserchk Helper Program
CVSS 5.0
CVE-2022-24077 HIGH
Naver Cloud Explorer Beta - Code Injection
CVSS 7.8
CVE-2022-1654 HIGH
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation via AJAX Actions
CVSS 8.8
CVE-2022-2063 HIGH
nocodb < 0.91.7 - Improper Privilege Management
CVSS 8.8
Details
Vulnerabilities 2,835
Exploit Likelihood Medium