CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2024-25956 MEDIUM
Dell Grab < 5.0.5 - Information Disclosure via Improper File Permissions
CVSS 5.5
CVE-2024-29187 HIGH
WiX toolset <4.0.5 - Privilege Escalation
CVSS 7.3
CVE-2024-28745 LOW
ABEMA Android App <10.65.0 - Phishing via Exported Component URL Access
CVSS 3.3
CVE-2024-21431 HIGH
Windows 10/11, Server 2022 Security Feature Bypass via Hypervisor-Protected Code Integrity
CVSS 7.8
CVE-2024-28163 MEDIUM
SAP NetWeaver Process Integration 7.50 - Information Disclosure via Support Web Pages
CVSS 5.3
CVE-2024-25645 MEDIUM
SAP NetWeaver Enterprise Portal 7.50 - Unauthorized Information Disclosure
CVSS 5.3
CVE-2024-25644 MEDIUM
SAP NetWeaver 7.50 - Information Disclosure via WSRM
CVSS 5.3
CVE-2024-27294 HIGH
dp-golang <1.2.7 - Privilege Escalation
CVSS 7.3
CVE-2024-0019 MEDIUM
Android - Local Denial of Service via Missing Active Recording Check
CVSS 5.0
CVE-2024-21915 CRITICAL
Rockwell Automation FactoryTalk Services Platform < 2.74 - Privilege Escalation to Administrator Group
CVSS 9.0
CVE-2024-24740 MEDIUM
SAP NetWeaver Application Server - Info Disclosure
CVSS 5.3
CVE-2024-22016 HIGH
Rapid SCADA <5.8.4 - Privilege Escalation
CVSS 7.8
CVE-2024-22236 LOW
Spring Cloud Contract <4.1.1, <4.0.5, <3.1.10 - Info Disclosure
CVSS 3.3
CVE-2024-23223 MEDIUM
iPadOS < 17.3 - Unprotected User Data Exposure via File Handling
CVSS 6.2
CVE-2024-21305 MEDIUM
Windows 10/11, Server 2019-2022 - Hyper-V Code Integrity Bypass
CVSS 4.4
CVE-2023-53949 HIGH
AspEmail 5.6.0.2 - Privilege Escalation
CVSS 8.4
CVE-2023-39338 MEDIUM
Ivanti Sentry 9.0-9.19 - Authenticated Incorrect Permission Assignment for Critical Resource
CVSS 6.8
CVE-2023-38037 MEDIUM
ActiveSupport 5.2.0-6.1.7.5 and 7.0.0-7.0.7.1 - Unprotected Temporary File Exposure via EncryptedFile
CVSS 5.5
CVE-2023-6729 HIGH
Nokia SR OS - Privilege Escalation
CVSS 7.3
CVE-2023-49582 MEDIUM
Apache Portable Runtime 0.9.0-1.7.4 - Unprotected User Data Exposure via Shared Memory Permissions
CVSS 5.5
CVE-2023-5936 HIGH
Nozomi Networks Arc < 1.6.0 - Privilege Escalation via Temporary File Tampering
CVSS 7.8
CVE-2023-35841 HIGH
Phoenix WinFlash < 4.5.0.0 - Privilege Escalation via Exposed IOCTL
CVSS 7.8
CVE-2023-47712 HIGH
IBM Security Guardium 11.3-12.0 - Privilege Escalation via Improper Permissions Control
CVSS 7.8
CVE-2023-51579 HIGH
Voltronic Power ViewPower - Privilege Escalation
CVSS 7.8
CVE-2023-40516 HIGH
LG Simple Editor - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities: 1,661
Exploit Likelihood: High