CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,835 vulnerabilities with CWE-269
CVE-2022-1107 MEDIUM
Lenovo ThinkPad Firmware - Privilege Escalation via SMM Boot Services Handler
CVSS 6.7
CVE-2022-0071 HIGH
Hotdog <1.0.2 - Privilege Escalation
CVSS 8.8
CVE-2022-0070 HIGH
Apache Log4j - Privilege Escalation
CVSS 8.8
CVE-2022-26795 HIGH
Windows Print Spooler - Privilege Escalation
CVSS 7.8
CVE-2022-20739 HIGH
Cisco SD-WAN vManage Software - Command Injection
CVSS 7.3
CVE-2022-22187 HIGH
Juniper Identity Management Service < 1.4.0 - Privilege Escalation via Windows Installer Repair
CVSS 7.8
CVE-2022-1256 HIGH
McAfee Agent < 5.7.6 - Local Privilege Escalation via Symbolic Link Manipulation
CVSS 7.8
CVE-2022-1332 MEDIUM
Mattermost Server 5.37.0-5.37.8 and 6.4.0-6.4.1 - Authenticated Privilege Escalation via API
CVSS 4.3
CVE-2022-24842 HIGH
MinIO >=2021-12-09t06-19-41z <2022-04-12t06-55-35z - Privilege Escalation via Service Account Creation
CVSS 8.8
CVE-2022-23160 MEDIUM
Dell PowerScale OneFS <9.3.0 - Privilege Escalation
CVSS 5.4
CVE-2022-24812 HIGH
Grafana 8.1.0-8.4.6 - Privilege Escalation via API Key Permission Cache
CVSS 8.0
CVE-2022-27840 MEDIUM
Samsung Recovery < 8.1.43.0 - Unauthenticated Arbitrary File Deletion via Improper Access Control
CVSS 4.4
CVE-2022-22257 HIGH
Customization Framework - Privilege Escalation
CVSS 7.5
CVE-2022-0556 HIGH
Zyxel AP Configurator <1.1.4 - Privilege Escalation
CVSS 7.3
CVE-2022-26676 CRITICAL
aEnrich a+HRD - Unauthenticated Arbitrary File Upload and Remote Code Execution via API Function
CVSS 9.8
CVE-2022-20782 MEDIUM
Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Web Interface
CVSS 6.5
CVE-2022-26251 HIGH
Synaman < 5.1 - Authenticated Arbitrary Code Execution and Privilege Escalation
CVSS 7.2
CVE-2022-24783 CRITICAL
Deno 1.18.0-1.20.2 - Unauthenticated Privilege Escalation via Permission Check Bypass
CVSS 10.0
CVE-2022-1003 LOW
Mattermost <6.3.0 - Privilege Escalation
CVSS 3.3
CVE-2022-24637 CRITICAL
Open Web Analytics <1.7.4 - Info Disclosure
CVSS 9.8
CVE-2022-24072 MEDIUM
Whale < 3.12.129.18 - Arbitrary JavaScript Injection via DevTools API
CVSS 6.1
CVE-2022-22141 HIGH
Yokogawa Electric - Privilege Escalation
CVSS 7.8
CVE-2022-24750 HIGH
UltraVNC <1.3.8.0 - Privilege Escalation
CVSS 8.8
CVE-2022-24931 HIGH
Android - Unauthorized Activity Execution via ApkInstaller Dynamic Receiver
CVSS 7.9
CVE-2022-20051 MEDIUM
Android - Local Denial of Service via IMS Service Privilege Assignment
CVSS 5.5