CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,836 vulnerabilities with CWE-269
CVE-2020-26063 MEDIUM
Cisco Integrated Management Controller - Auth Bypass
CVSS 5.4
CVE-2020-11846 HIGH
OpenText Privileged Access Manager < 3.7.0.1 - Unauthenticated Privilege Escalation via Token Cookie
CVSS 8.7
CVE-2020-11640 HIGH
ABB AdvaBuild 3.0-3.7 SP2 - Unauthenticated Remote Code Execution via Command Queue
CVSS 8.8
CVE-2020-27352 CRITICAL
snapd < 2.48.3 - Improper Privilege Management via systemd Service Unit Generation
CVSS 9.3
CVE-2020-12615 HIGH
BeyondTrust Privilege Management <5.6 - Privilege Escalation
CVSS 7.8
CVE-2020-10129 HIGH
SearchBlox < 9.2.1 - Privilege Escalation to Admin
CVSS 8.8
CVE-2020-35593 HIGH
BMC PATROL Agent < 20.08.00 - Local Privilege Escalation via pconfig +RESTART -host
CVSS 7.8
CVE-2020-23362 HIGH
Shop_CMS YerShop - Privilege Escalation
CVSS 7.1
CVE-2020-24307 HIGH
mRemoteNG <1.76.20 - Privilege Escalation
CVSS 7.8
CVE-2020-36603 MEDIUM
Genshin Impact <1.0.0.0 - Code Injection
CVSS 6.5
CVE-2020-10728 HIGH
Automationbroker/apb <2.0.4-1 - Privilege Escalation
CVSS 7.8
CVE-2020-21046 HIGH
EagleGet < 2.1.6.40 - Local Privilege Escalation via luminati_net_updater_win_eagleget_com Service
CVSS 7.8
CVE-2020-36549 HIGH
GE Voluson S8 Firmware - Improper Privilege Management
CVSS 8.8
CVE-2020-36542 HIGH
demokratian - Privilege Escalation in install/install3.php
CVSS 7.3
CVE-2020-16238 MEDIUM
B. Braun SpaceCom < L81 and Data module compactplus A10-A11 - Privilege Escalation via Configuration Import
CVSS 6.7
CVE-2020-24576 HIGH
Netskope Client <77 - Privilege Escalation
CVSS 8.8
CVE-2020-18171 HIGH
TechSmith Snagit 19.1.0.2653 - Privilege Escalation
CVSS 8.8
CVE-2020-18169 HIGH
TechSmith Snagit 19.1.1.2860 - Privilege Escalation
CVSS 7.8
CVE-2020-14032 CRITICAL
ASRock 4x4 BOX-R1000 Firmware < 1.40 - Privilege Escalation via SMM Code Execution
CVSS 9.8
CVE-2020-28904 CRITICAL
Nagios Fusion < 4.1.8 - Privilege Escalation via Malicious Component Installation
CVSS 9.8
CVE-2020-28014 MEDIUM
Exim 4.00-4.94.1 - Denial of Service via -oP Option Privilege Escalation
CVSS 6.1
CVE-2020-28008 HIGH
Exim 4.00-4.94.1 - Execution with Unnecessary Privileges via Spool Header File
CVSS 7.8
CVE-2020-23128 MEDIUM
Chamilo LMS 1.11.10 - Privilege Escalation
CVSS 4.9
CVE-2020-27518 HIGH
Windscribe VPN <2.02.10 - Privilege Escalation
CVSS 7.8
CVE-2020-27519 HIGH
Pritunl Client v1.2.2550.20 - Privilege Escalation
CVSS 7.8