CWE-732
Incorrect Permission Assignment for Critical Resource
High likelihood
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,662 vulnerabilities with CWE-732
CVE-2023-40516
HIGH
LG Simple Editor - Privilege Escalation
CVSS 7.8
CVE-2023-52554
MEDIUM
Huawei EMUI and HarmonyOS - Incorrect Permission Assignment in Bluetooth Module
CVSS 6.5
CVE-2023-52388
HIGH
Huawei EMUI and HarmonyOS - Incorrect Permission Assignment in Clock Module
CVSS 7.5
CVE-2023-52715
HIGH
HarmonyOS - Denial of Service via SystemUI Permission Management
CVSS 7.5
CVE-2023-33870
MEDIUM
Intel(R) Ethernet - Privilege Escalation
CVSS 6.7
CVE-2023-50292
HIGH
Apache Solr 8.10.0-8.11.2, 9.0.0-9.2.9 - Unauthenticated Remote Code Execution via Schema Designer ConfigSet
CVSS 7.5
CVE-2023-34042
MEDIUM
Spring Security - Incorrect Permission
CVSS 4.1
CVE-2023-47564
HIGH
Qsync Central 4.3.0.0-4.3.0.10 - Authenticated Incorrect Permission Assignment for Critical Resource
CVSS 8.0
CVE-2023-48714
MEDIUM
Silverstripe Framework <4.13.39, <5.1.11 - Info Disclosure
CVSS 4.3
CVE-2023-38541
MEDIUM
Intel HID Event Filter <2.2.2.1 - Privilege Escalation
CVSS 6.7
CVE-2023-52116
HIGH
Multi-Screen Interaction Module - Info Disclosure
CVSS 7.5
CVE-2023-52107
HIGH
Huawei EMUI and HarmonyOS - Improper Privilege Management in WMS Module
CVSS 7.5
CVE-2023-49257
HIGH
Hongdian H8951-4G-ESP Firmware <= 2310271149 - Arbitrary File Upload and Execution
CVSS 8.8
CVE-2023-6883
MEDIUM
Easy Social Feed < 6.5.2 - Authenticated Unauthorized Data Modification via AJAX Functions
CVSS 4.3
CVE-2023-6506
MEDIUM
WP 2FA - Insecure Direct Object Reference
CVSS 4.3
CVE-2023-44120
HIGH
Spectrum Power 7 <V23Q4 - Privilege Escalation
CVSS 7.8
CVE-2023-41776
MEDIUM
ZTE ZXCLOUD iRAI < 7.23.32 - Local Privilege Escalation via Fake Process Creation
CVSS 6.7
CVE-2023-7055
MEDIUM
PHPGurukul Online Notes Sharing System 1.0 - Improper Access Control via Profile Mobile Number Parameter
CVSS 4.3
CVE-2023-46142
HIGH
PLCnext - Privilege Escalation
CVSS 8.8
CVE-2023-46141
CRITICAL
PHOENIX CONTACT classic - Privilege Escalation
CVSS 9.8
CVE-2023-0757
CRITICAL
PHOENIX CONTACT MULTIPROG and ProConOS eCLR - Unauthenticated Arbitrary Code Upload
CVSS 9.8
CVE-2023-25648
MEDIUM
ZTE ZXCLOUD iRAI < 7.23.21 - Privilege Escalation via Weak Folder Permissions
CVSS 6.5
CVE-2023-6593
CRITICAL
Drm 2023.3.4.0- - Privilege Escalation
CVSS 9.8
CVE-2023-49580
HIGH
SAP GUI for Windows and SAP GUI for Java - Unauthenticated Information Disclosure and Layout Configuration Manipulation
CVSS 7.3
CVE-2023-49578
LOW
SAP Cloud Connector 2.0 - Authenticated Denial of Service via Malicious Request
CVSS 3.5
Details
Vulnerabilities: 1,662
Exploit Likelihood: High