CWE-732
Incorrect Permission Assignment for Critical Resource
Exploit likelihood: High
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,662 vulnerabilities with CWE-732
CVE-2023-4332
HIGH
Broadcom RAID Controller - Info Disclosure
CVSS 7.5
CVE-2023-28658
MEDIUM
Intel oneMKL <2022.0 - Privilege Escalation
CVSS 6.7
CVE-2023-39005
HIGH
OPNsense <23.7-23.4.2 - Info Disclosure
CVSS 7.5
CVE-2023-39004
CRITICAL
OPNsense <23.7-23.4.2 - Info Disclosure
CVSS 9.8
CVE-2023-39003
HIGH
OPNsense <23.7-23.4.2 - Info Disclosure
CVSS 7.5
CVE-2023-38497
HIGH
Cargo < 0.72.2 - Incorrect Permission Assignment for Critical Resource
CVSS 7.9
CVE-2023-38991
MEDIUM
jeesite <1.2.6 - Privilege Escalation
CVSS 5.4
CVE-2023-20216
MEDIUM
Cisco BroadWorks - Privilege Escalation
CVSS 4.4
CVE-2023-3322
HIGH
ABB Ability zenon <11.106404 - Info Disclosure
CVSS 7.0
CVE-2023-28133
HIGH
Check Point Endpoint Security Client E87.30 - Local Privilege Escalation via OpenSSL Configuration File
CVSS 7.8
CVE-2023-35870
MEDIUM
SAP S/4HANA S4CORE 104-107 - Incorrect Permission Assignment in Journal Entry Template
CVSS 6.3
CVE-2023-33990
HIGH
SAP SQL Anywhere 17.0 - Denial of Service via Shared Memory Object Manipulation
CVSS 7.8
CVE-2023-37237
MEDIUM
Veritas NetBackup Appliance < 4.1.0.1 - Authenticated Command Execution via SSH
CVSS 6.5
CVE-2023-35800
MEDIUM
Stormshield Endpoint Security 2.0.0-2.4.2 - Unprotected Administrator Log Exposure via ACL Misconfiguration
CVSS 4.3
CVE-2023-35799
MEDIUM
Stormshield Endpoint Security 2.0.0-2.3.2 - Privilege Escalation via Insecure File Permissions
CVSS 5.5
CVE-2023-35168
MEDIUM
DataEase < 1.18.8 - Unauthenticated Privilege Escalation and Sensitive Data Exposure
CVSS 6.5
CVE-2023-29860
HIGH
DTStack Taier 1.3.0 - Unauthenticated Sensitive Information Exposure via Tenant List API
CVSS 7.5
CVE-2023-34981
HIGH
Apache Tomcat 8.5.88-8.5.89, 9.0.74, 10.1.8, 11.0.0-M5 - Information Leak via AJP Response Header Regression
CVSS 7.5
CVE-2023-26427
LOW
open-xchange_appsuite_backend < 7.10.6 - Unauthenticated Sensitive Information Exposure via Insecure File Permissions
CVSS 3.2
CVE-2023-34154
HIGH
HarmonyOS < 2.0 - Incorrect Permission Assignment for Critical Resource in VR Screen Projection
CVSS 8.2
CVE-2023-34797
MEDIUM
Temenos CWX 8.5.6 - Broken Access Control in Registration Page
CVSS 5.4
CVE-2023-34852
CRITICAL
PublicCMS <= 4.0.202302 - Insecure Permissions
CVSS 9.8
CVE-2023-21142
MEDIUM
Android 11-13 - Local Information Disclosure via Dev Mode Trace Access
CVSS 5.5
CVE-2023-35147
MEDIUM
Jenkins AWS CodeCommit Trigger Plugin <= 3.0.12 - Arbitrary File Read via SQS Queue Name Path Parameter
CVSS 6.5
CVE-2023-31142
LOW
Discourse <3.0.4-3.1.0.beta5 - Info Disclosure
CVSS 2.0