CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,836 vulnerabilities with CWE-269
CVE-2020-15797 MEDIUM
Siemens DCA Vantage Analyzer Firmware < 4.5.0.0 - Unauthenticated Privilege Escalation via Kiosk Mode Escape
CVSS 6.8
CVE-2020-26880 HIGH
Sympa <6.2.57b.2 - Privilege Escalation
CVSS 7.8
CVE-2020-26596 HIGH
Elementor Pro <3.0.5 - Authenticated RCE
CVSS 8.8
CVE-2020-8223 MEDIUM
Nextcloud Server 19.0.0 - Privilege Escalation
CVSS 6.5
CVE-2020-3396 MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 6.8
CVE-2020-3393 MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 6.0
CVE-2020-25595 HIGH
Xen < 4.14.0 - Denial of Service via PCI Passthrough Register Handling
CVSS 7.8
CVE-2020-8247 HIGH
Citrix ADC and NetScaler Gateway <13.0-64.35 - Privilege Escalation
CVSS 8.8
CVE-2020-0403 MEDIUM
Android - Local Privilege Escalation in FPC TrustZone Fingerprint App
CVSS 6.7
CVE-2020-24046 HIGH
TitanHQ SpamTitan Gateway 7.07 - Privilege Escalation
CVSS 7.2
CVE-2020-0404 MEDIUM
Android - Local Privilege Escalation via uvc_scan_chain_forward Linked List Corruption
CVSS 5.5
CVE-2020-0074 HIGH
Android - Local Privilege Escalation via Default Handler Bypass
CVSS 7.8
CVE-2020-16875 HIGH
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
CVSS 8.4
CVE-2020-9733 HIGH
Adobe Experience Manager <= 6.5.5.0 and <= 6.4.8.1 - Improper Privilege Management in Java Servlet
CVSS 7.5
CVE-2020-7311 HIGH
McAfee Agent < 5.6.6 - Privilege Escalation via Log File Manipulation
CVSS 7.8
CVE-2020-10056 HIGH
Siemens License Management Utility < 2.4 - Authenticated Privilege Escalation via lmgrd Service Configuration
CVSS 7.8
CVE-2020-7324 MEDIUM
McAfee MVISION Endpoint < 20.9 - Improper Access Control via Incorrectly Applied Permissions
CVSS 6.1
CVE-2020-7523 HIGH
Schneider Electric Modbus Serial Driver - Local Privilege Escalation via Service Invocation
CVSS 7.8
CVE-2020-4603 HIGH
IBM Security Guardium Insights 2.0.1 - Improper Privilege Management
CVSS 7.2
CVE-2020-5916 MEDIUM
BIG-IP <15.1.0.4, <15.0.1.3 - Info Disclosure
CVSS 6.8
CVE-2020-8624 MEDIUM
BIND <9.16.5 - Privilege Escalation
CVSS 4.3
CVE-2020-10290 MEDIUM
Universal Robots - RCE
CVSS 6.8
CVE-2020-7310 MEDIUM
McAfee Total Protection < 4.0.161.1 - Privilege Escalation via Symbolic Link Manipulation
CVSS 6.9
CVE-2020-14215 HIGH
Zulip Server < 2.1.5 - Incorrect Access Control via Invitation Role Assignment
CVSS 7.5
CVE-2020-14194 MEDIUM
Zulip Server < 2.1.5 - Reverse Tabnapping via Topic Header Link
CVSS 5.4