CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,837 vulnerabilities with CWE-269
CVE-2019-4174 LOW
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.4.0 - Unprotected Local File Exposure via Web Page Storage
CVSS 3.3
CVE-2019-1007 HIGH
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege in Audio Service
CVSS 7.8
CVE-2019-12794 MEDIUM
MISP 2.4.108 - Improper Privilege Management via Organization Admin Password Reset
CVSS 6.6
CVE-2019-12775 HIGH
ENTTEC Datagate MK2, Storm 24, Pixelator, E-Streamer MK2 Firmware 70044 - Privilege Escalation via Sudo
CVSS 8.8
CVE-2019-4218 LOW
IBM Security Information Queue 1.0.0-1.0.2 - Unprotected Local File Exposure
CVSS 3.3
CVE-2019-4048 LOW
IBM Maximo Asset Management 7.6 - Unprotected User Data Exposure via Physical Access
CVSS 2.1
CVE-2019-12176 HIGH
HTC VIVEPORT <1.0.0.36 - Privilege Escalation
CVSS 7.8
CVE-2019-10144 HIGH
rkt < 1.30.0 - Improper Privilege Management via rkt enter
CVSS 7.7
CVE-2019-11896 HIGH
Bosch Smart Home Controller <9.8.907 - Privilege Escalation
CVSS 7.1
CVE-2019-11893 HIGH
Bosch Smart Home Controller <9.8.905 - Privilege Escalation
CVSS 8.0
CVE-2019-11891 HIGH
Bosch Smart Home Controller <9.8.905 - Privilege Escalation
CVSS 8.0
CVE-2019-7394 HIGH
CA Technologies CA Strong Authentication <9.0 - Privilege Escalation
CVSS 8.8
CVE-2019-1000 MEDIUM
Microsoft Azure Active Directory Connect 1.3.20.0 - Authenticated Privilege Escalation via PowerShell Cmdlets
CVSS 5.3
CVE-2019-0301 HIGH
SAP Identity Management - Improper Privilege Management via REST Interface Version 2
CVSS 8.8
CVE-2019-11888 CRITICAL
Go <1.12.5 - Info Disclosure
CVSS 9.8
CVE-2019-6617 MEDIUM
F5 BIG-IP Privilege Escalation via SFTP File Overwrite
CVSS 6.5
CVE-2019-3805 MEDIUM
Wildfly <16.0.0.Final - Privilege Escalation
CVSS 4.7
CVE-2019-11632 HIGH
Octopus Deploy <2019.3.1, <2019.4.5 - Info Disclosure
CVSS 8.1
CVE-2019-4047 MEDIUM
IBM Jazz Reporting Service 6.0.6 - Authenticated Information Disclosure via Execution Log Files
CVSS 4.3
CVE-2019-3843 HIGH
systemd < 242 - Improper Privilege Management via DynamicUser Service SUID/SGID Binary
CVSS 7.8
CVE-2019-4222 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.0.0.1 - Authenticated Improper Privilege Management
CVSS 4.3
CVE-2019-3789 MEDIUM
Cloud Foundry Routing Release <0.188.0 - SSRF
CVSS 6.5
CVE-2019-3786 HIGH
Cloud Foundry BOSH Backup and Restore CLI < 1.5.0 - Authenticated Privilege Escalation via Backup Script Metadata
CVSS 7.1
CVE-2019-10239 HIGH
Robotronic RunAsSpc 3.7.0.0 - Authenticated Cleartext Credential Exposure
CVSS 7.8
CVE-2019-7155 MEDIUM
GitLab <11.5.8-11.7.1 - Privilege Escalation
CVSS 6.5