CWE-648

Low likelihood

Incorrect Use of Privileged APIs

Parent: CWE-269 - Improper Privilege Management

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

63 vulnerabilities with CWE-648
CVE-2024-53007 MEDIUM
Bentley Systems ProjectWise Integration Server <10.00.03.288 - SQL ...
CVSS 6.4
CVE-2024-8785 CRITICAL
WhatsUp Gold < 24.0.1 - Unauthenticated Registry Manipulation via NmAPI.exe
CVSS 9.8
CVE-2024-11068 CRITICAL
D-Link DSL6740C - Privilege Escalation
CVSS 9.8
CVE-2024-46978 MEDIUM
XWiki Platform <14.10.21 - Info Disclosure
CVSS 6.5
CVE-2024-37018 CRITICAL
OpenDaylight 0.15.3 - Topology Poisoning via Discovery Packet Path Manipulation
CVSS 9.1
CVE-2024-22042 HIGH
Siemens Unicam FX - Local Privilege Escalation via Windows Installer Agent
CVSS 7.8
CVE-2023-6522 HIGH
ExtremePacs Extreme XDS <3914 - Privilege Escalation
CVSS 7.2
CVE-2023-4993 HIGH
SoliPay Mobile App <5.0.8 - Privilege Escalation
CVSS 7.5
CVE-2023-6151 HIGH
ESKOM Computer e-municipality <v.105 - Privilege Escalation
CVSS 7.5
CVE-2023-6150 HIGH
ESKOM Computer e-municipality <v.105 - Privilege Escalation
CVSS 7.5
CVE-2023-4972 CRITICAL
Yepas Digital Yepas <1.0.1 - Privilege Escalation
CVSS 9.8
CVE-2023-4009 HIGH
MongoDB Ops Manager <5.0.22, <6.0.17 - Privilege Escalation
CVSS 7.2
CVE-2023-20136 MEDIUM
Cisco Secure Workload - Privilege Escalation
CVSS 4.3
CVE-2023-29507 CRITICAL
XWiki 14.4.1-14.4.6 and 14.5-14.9 - Privilege Escalation via Document Script API
CVSS 9.1
CVE-2023-28062 HIGH
Dell PPDM <19.12-19.10 - Privilege Escalation
CVSS 8.8
CVE-2022-26323 HIGH
OpenText Operations Bridge Manager - Privilege Escalation
CVE-2022-20965 MEDIUM
Cisco Identity Services Engine - Privilege Escalation
CVSS 4.3
CVE-2022-4805 MEDIUM
usememos/memos <0.9.1 - Privilege Escalation
CVSS 4.3
CVE-2022-4796 HIGH
usememos/memos <0.9.1 - Privilege Escalation
CVSS 8.1
CVE-2022-4687 HIGH
usememos/memos <0.9.0 - Privilege Escalation
CVSS 8.1
CVE-2022-20956 HIGH
Cisco Identity Services Engine - Authenticated Arbitrary File Access via Web Management Interface
CVSS 7.1
CVE-2022-23720 HIGH
PingID Windows Login <2.8 - Privilege Escalation
CVSS 7.5
CVE-2022-2023 CRITICAL
polonel/trudesk <1.2.4 - Privilege Escalation
CVSS 9.8
CVE-2022-24821 MEDIUM
XWiki 12.0.0-12.10.10 and 13.5.0-13.9.0 - Unauthorized Global SSX/JSX Creation
CVSS 6.8
CVE-2022-24073 HIGH
Whale < 3.12.129.18 - Unauthenticated URL Redirection via Web Request API
CVSS 7.1