CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,837 vulnerabilities with CWE-269
CVE-2019-16202 MEDIUM
MISP <2.4.115 - Privilege Escalation
CVSS 6.5
CVE-2019-6997 MEDIUM
GitLab <11.5.8-11.7.1 - Info Disclosure
CVSS 4.3
CVE-2019-6996 MEDIUM
GitLab EE <11.5.8-11.7.1 - Info Disclosure
CVSS 4.3
CVE-2019-6794 MEDIUM
GitLab < 11.5.8, 11.6.x < 11.6.6, 11.7.x < 11.7.1 - Information Disclosure via Default Branch Commit Status
CVSS 4.3
CVE-2019-6789 MEDIUM
GitLab < 11.5.8, 11.6.x < 11.6.6, 11.7.x < 11.7.1 - Information Disclosure via Project Move Notification
CVSS 4.3
CVE-2019-9443 MEDIUM
Android kernel - Permissions Bypass
CVSS 6.7
CVE-2019-1939 HIGH
Cisco Webex Teams < 3.0.12427.0 - Unauthenticated Remote Code Execution via Software Logging Feature
CVSS 8.8
CVE-2019-4536 MEDIUM
IBM i - Improper Privilege Management during Restore User Profile
CVSS 6.3
CVE-2019-15720 HIGH
CloudBerry Backup < 6.1.2.34 - Local Privilege Escalation via Pre/Post Backup Action
CVSS 7.8
CVE-2019-4448 HIGH
IBM DB2 High Performance Unload <6.1 - RCE
CVSS 7.8
CVE-2019-11551 MEDIUM
Code42 Enterprise <6.9.1 - Info Disclosure
CVSS 5.5
CVE-2019-11521 HIGH
Open-Xchange App Suite 7.10.1 - Content Spoofing
CVSS 8.1
CVE-2019-12889 HIGH
SailPoint Desktop Password Reset 7.2 - Unauthenticated Privilege Escalation via Password Reset Functionality
CVSS 7.0
CVE-2019-1177 HIGH
Windows - Elevation of Privilege via rpcss.dll Memory Handling
CVSS 7.0
CVE-2019-1175 HIGH
Windows 10 and Windows Server 2016/2019 - Privilege Escalation in psmsrv.dll
CVSS 7.0
CVE-2019-1162 HIGH
Windows - Elevation of Privilege via ALPC Call Handling
CVSS 7.8
CVE-2019-12618 CRITICAL
HashiCorp Nomad 0.9.0-0.9.1 - Incorrect Access Control via Exec Driver
CVSS 9.8
CVE-2019-11270 HIGH
Pivotal Software Application Service - Improper Privilege Management
CVSS 7.5
CVE-2019-1010178 CRITICAL
Fred MODX Revolution < 1.0.0-beta5 - RCE
CVSS 9.8
CVE-2019-11553 HIGH
Code42 for Enterprise <6.8.4 - Privilege Escalation
CVSS 8.8
CVE-2019-1010066 HIGH
LLNL model_specific_registers-safe < 1.2.0 - Unauthenticated MSR Modification via ioctl Bypass
CVSS 7.5
CVE-2019-12731 HIGH
Mikogo < 5.10.2 - Privilege Escalation
CVSS 7.8
CVE-2019-7278 MEDIUM
Optergy Proton/Enterprise - Unauthenticated SMS Sending
CVSS 6.5
CVE-2019-3735 HIGH
Dell SupportAssist 2.0-3.2.1 - Privilege Escalation via Thread Handle Inheritance
CVSS 7.8
CVE-2019-4177 LOW
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.4.0 - Unprotected User Data Exposure via Local Web Page Storage
CVSS 3.3