CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2024-13861 HIGH
Sophos Taegis Endpoint Agent < 1.3.10 - Local Code Injection via Debian Package Component
CVSS 7.8
CVE-2024-10209 HIGH
B&R APROL <4.4-01 - Privilege Escalation
CVE-2024-13813 HIGH
Ivanti Secure Access Client < 22.8 - Authenticated Arbitrary File Deletion
CVSS 7.1
CVE-2024-57520 CRITICAL
Asterisk 22.0.0-22.5.0 - Directory Traversal via action_createconfig Function
CVSS 9.8
CVE-2024-57068 HIGH
@tanstack/form-core < 0.42.1 - Denial of Service via Prototype Pollution in mutateMergeDeep
CVSS 7.5
CVE-2024-45657 MEDIUM
IBM Security Verify Access 10.0.0-10.0.8 - Incorrect Permission Assignment for Critical Resource
CVSS 5.0
CVE-2024-29869 MEDIUM
Apache Hive 1.1.0-4.0.0 - Unauthorized Sensitive Information Exposure via Temporary Credentials File
CVSS 5.5
CVE-2024-57547 HIGH
CMSimple 5.16 - Insecure Permissions Leading to Sensitive Information Disclosure via Backup File Download
CVSS 7.5
CVE-2024-46881 HIGH
Develocity <2024.1.8 - Privilege Escalation
CVSS 7.1
CVE-2024-52328 LOW
ECOVACS Robot Lawnmowers and Vacuums - Unprotected Audio File Tampering in Camera Warning System
CVSS 2.3
CVE-2024-38337 CRITICAL
IBM Sterling Secure Proxy <6.2.0.0 - Info Disclosure
CVSS 9.1
CVE-2024-51448 MEDIUM
IBM Robotic Process Automation 21.0.0-21.0.7.17 & 23.0.0-23.0.18 - Privilege Escalation
CVSS 6.7
CVE-2024-39967 MEDIUM
Aginode GigaSwitch <5 - Info Disclosure
CVSS 6.5
CVE-2024-11497 HIGH
PHOENIX CONTACT CHARX SEC <=1.7.0 - Root Privilege Escalation
CVSS 8.8
CVE-2024-54910 MEDIUM
Hasleo Backup Suite Free <4.9.4 - Info Disclosure
CVSS 4.7
CVE-2024-55411 HIGH
SUNIX Multi I/O Card v10.1.0.0 - Memory Corruption
CVSS 8.8
CVE-2024-53932 CRITICAL
Color Phone: Call Screen Theme <21.1.9 - RCE
CVSS 9.1
CVE-2024-53931 CRITICAL
com.glitter.caller.screen <1.1 - RCE
CVSS 9.1
CVE-2024-47475 MEDIUM
Dell PowerScale OneFS <9.8.0.x - DoS
CVSS 5.0
CVE-2024-49385 MEDIUM
Acronis True Image <41736 - Info Disclosure
CVSS 5.5
CVE-2024-55955 MEDIUM
Trend Micro Deep Security Agent 20.0.1-9400-20.0.1-23340 - Privilege Escalation via Incorrect Permissions Assignment
CVSS 6.7
CVE-2024-45497 HIGH
Red Hat OpenShift Container Platform 4.12-4.18 - Incorrect Permission Assignment for Critical Resource in Build Process
CVSS 7.6
CVE-2024-38864 LOW
Checkmk < 2.3.0p23, < 2.2.0p38, <= 2.1.0p49 - Unauthenticated Sensitive Data Exposure
CVSS 3.3
CVE-2024-47104 MEDIUM
IBM i 7.4-7.5 - Privilege Escalation
CVSS 6.8
CVE-2024-12564 MEDIUM
Open Design Alliance CDE inWEB SDK <2025.3 - Info Disclosure