CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,836 vulnerabilities with CWE-269
CVE-2021-27454 HIGH
GE Reason DR60 Firmware < 02a04.1 - Improper Privilege Management
CVSS 7.8
CVE-2021-27448 HIGH
MU320E < v04A00.1 - Privilege Escalation
CVSS 7.8
CVE-2021-27192 HIGH
Netop Vision Pro <= 9.7.1 - Local Privilege Escalation
CVSS 7.8
CVE-2021-1371 MEDIUM
Cisco IOS XE SD-WAN - Privilege Escalation via Console Port Default Configuration
CVSS 6.6
CVE-2021-27077 HIGH
Windows Win32k - Elevation of Privilege via Improper Privilege Management
CVSS 7.8
CVE-2021-26863 HIGH
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege via Win32k Race Condition
CVSS 7.0
CVE-2021-24095 HIGH
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege in DirectX
CVSS 7.0
CVE-2021-24090 HIGH
Windows 10 and Windows Server 2016 - Elevation of Privilege via Error Reporting
CVSS 7.8
CVE-2021-1729 HIGH
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege via Update Stack Setup
CVSS 7.1
CVE-2021-1640 HIGH
Windows Print Spooler - Elevation of Privilege
CVSS 7.8
CVE-2021-25337 MEDIUM KEV
Samsung mobile < SMR Mar-2021 Release 1 - Info Disclosure
CVSS 4.4
CVE-2021-25336 LOW
Samsung mobile < SMR Mar-2021 Release 1 - Privilege Escalation
CVSS 2.8
CVE-2021-24102 HIGH
Windows - Elevation of Privilege via Event Tracing
CVSS 7.8
CVE-2021-24096 HIGH
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege
CVSS 7.8
CVE-2021-24092 HIGH
Microsoft Defender - Improper Privilege Management
CVSS 7.8
CVE-2021-24087 HIGH
Azure IoT CLI Extension 0.10.2-0.10.6 - Elevation of Privilege
CVSS 7.0
CVE-2021-1733 HIGH
Sysinternals PsExec - Elevation of Privilege
CVSS 7.8
CVE-2021-1728 HIGH
System Center Operations Manager - Improper Privilege Management
CVSS 8.8
CVE-2021-1727 HIGH
Windows Installer - Elevation of Privilege
CVSS 7.8
CVE-2021-1698 HIGH
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege in Win32k
CVSS 7.8
CVE-2021-1388 CRITICAL
Cisco ACI Multi-Site Orchestrator 3.0-3.0(3m) - Unauthenticated Authentication Bypass via API Endpoint
CVSS 10.0
CVE-2021-26594 HIGH
Directus 8.0.0-8.8.1 - Unauthenticated Privilege Escalation via PATCH Role Switch
CVSS 8.8
CVE-2021-25630 HIGH
Collabora Online 4.2.0-4.2.12 - Privilege Escalation via loolforkit User Check Bypass
CVSS 7.8
CVE-2021-1416 MEDIUM
Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Admin Portal
CVSS 6.5
CVE-2021-26697 MEDIUM
Apache Airflow 2.0.0 - Unauthenticated Improper Privilege Management via Experimental API Lineage Endpoint
CVSS 5.3