CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2022-45459 HIGH
Acronis Agent < 30025 and Cyber Protect 15 < 30984 - Sensitive Information Disclosure via Insecure Registry Permissions
CVSS 7.5
CVE-2022-45452 HIGH
Acronis Agent < 30430 and Cyber Protect 15 < 30984 - Local Privilege Escalation via Insecure Folder Permissions
CVSS 7.8
CVE-2022-41687 MEDIUM
Intel(R) NUC P14E Laptop Element <1.1.44 - Privilege Escalation
CVSS 6.7
CVE-2022-40971 MEDIUM
Intel(R) HDMI Firmware Update Tool <1.79.1.1 - Privilege Escalation
CVSS 6.7
CVE-2022-36391 MEDIUM
Intel(R) NUC Pro Software Suite <2.0.0.3 - Privilege Escalation
CVSS 6.7
CVE-2022-33963 MEDIUM
Intel(R) Unite(R) Client <4.2.34870 - Privilege Escalation
CVSS 6.7
CVE-2022-30338 MEDIUM
Intel VROC < 7.7.6.1003 - Authenticated Privilege Escalation via Incorrect Default Permissions
CVSS 6.7
CVE-2022-30759 HIGH
Nokia One-NDS <20.9 - Privilege Escalation
CVSS 8.8
CVE-2022-4568 HIGH
Lenovo System Update - Privilege Escalation
CVSS 7.0
CVE-2022-38583 HIGH
Sage 300 <2022 - Privilege Escalation
CVSS 7.8
CVE-2022-31244 HIGH
Nokia OneNDS 17r2 - Privilege Escalation
CVSS 7.8
CVE-2022-48360 HIGH
Huawei EMUI and HarmonyOS - Unprotected User Data Exposure via Facial Recognition Module
CVSS 7.5
CVE-2022-3146 MEDIUM
tripleo-ansible - Unauthenticated Sensitive Information Exposure via Insecure File Permissions
CVSS 5.5
CVE-2022-3101 MEDIUM
tripleo-ansible - Information Disclosure via Insecure File Permissions
CVSS 5.5
CVE-2022-46774 MEDIUM
IBM Manage App <8.9.0 - Privilege Escalation
CVSS 5.4
CVE-2022-3758 MEDIUM
GitLab 15.5.0-15.7.7, 15.8.0-15.8.3, 15.9.0-15.9.1 - Unauthenticated Private Snippet Access via Improper Permissions
CVSS 5.4
CVE-2022-45552 HIGH
ZBT WE1626 Router 21.06.18 - Sensitive Information Exposure via SPI Bus Interface
CVSS 7.5
CVE-2022-3884 HIGH
Hitachi Ops Center Analyzer <10.9.0-01 - Info Disclosure
CVSS 7.3
CVE-2022-40232 MEDIUM
IBM Sterling B2B Integrator 6.1.0.0-6.1.1.1 and 6.1.2.0 - Authenticated Incorrect Default Permissions
CVSS 6.3
CVE-2022-36397 HIGH
Intel(R) QAT <4.17 - Privilege Escalation
CVSS 7.3
CVE-2022-33196 HIGH
Intel Xeon Gold Firmware - Incorrect Default Permissions in Memory Controller Configuration
CVSS 7.2
CVE-2022-45153 HIGH
saphanabootstrap-formula < 0.13.1+git.1667812208.4db963e - Privilege Escalation via Sudo Configuration Manipulation
CVSS 7.0
CVE-2022-45454 HIGH
Acronis Agent < 30161 and Cyber Protect 15 < 30984 - Sensitive Information Disclosure via Insecure Folder Permissions
CVSS 7.5
CVE-2022-31254 HIGH
SUSE Linux Enterprise Server for SAP <2.10 - Privilege Escalation
CVSS 7.8
CVE-2022-23454 HIGH
HP Support Assistant < 9.11 - Privilege Escalation and Unauthorized File Modification
CVSS 7.8
Details
Vulnerabilities 1,512
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits