CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,663 vulnerabilities with CWE-732
CVE-2022-25992 HIGH
Intel(R) oneAPI Toolkits oneapi-cli <0.2.0 - Privilege Escalation
CVSS 7.5
CVE-2022-21939 HIGH
Johnson Controls SCT <14.2.3, <15.0.3 - Info Disclosure
CVSS 7.5
CVE-2022-42972 HIGH
Schneider Electric APC Easy UPS Online Monitoring Software < 2.5-GA-01-22320 - Local Privilege Escalation
CVSS 7.8
CVE-2022-44715 HIGH
NetScout nGeniusONE 6.3.2 build 904 - Authenticated Privilege Escalation via Improper File Permissions
CVSS 8.8
CVE-2022-44263 HIGH
Dentsply Sirona Sidexis <= 4.3 - Privilege Escalation
CVSS 7.8
CVE-2022-34457 HIGH
Dell Command Configure < 4.9.0 - Privilege Escalation via Improper Folder Permissions
CVSS 7.3
CVE-2022-48257 MEDIUM
Eternal Terminal 6.2.1 - Predictable Logfile Name in /tmp
CVSS 5.3
CVE-2022-39186 MEDIUM
EXFO BV-10 Firmware - Incorrect Permission Assignment for Critical Resource
CVSS 6.2
CVE-2022-47927 MEDIUM
MediaWiki Credential Exposure via SQLite File Permissions
CVSS 5.5
CVE-2022-4365 MEDIUM
GitLab CE/EE <15.5.7-15.6.4-15.7.2 - Info Disclosure
CVSS 5.5
CVE-2022-4630 MEDIUM
GitHub lirantal/daloradius <master - Info Disclosure
CVSS 5.3
CVE-2022-42949 HIGH
silverstripe/subsites <= 2.6.0 - Insecure Permissions
CVSS 7.5
CVE-2022-43517 HIGH
Simcenter STAR-CCM+ <V2306 - Privilege Escalation
CVSS 7.8
CVE-2022-23143 MEDIUM
ZTE OTCP Firmware < 2.21.40.06 - Unauthorized File Deletion and Modification
CVSS 6.5
CVE-2022-46338 MEDIUM
g810-led 0.4.2 - Unprotected User Data Exposure via Udev Rule
CVSS 6.5
CVE-2022-45307 MEDIUM
chocolatey_php < 8.1.12 - Insecure Directory Permissions in C:\tools\php81
CVSS 4.3
CVE-2022-45306 MEDIUM
Chocolatey Azure-Pipelines-Agent < 2.211.1 - Insecure Directory Permissions in C:\agent
CVSS 4.3
CVE-2022-45305 MEDIUM
chocolatey_python3 < 3.11.0 - Insecure Directory Permissions for Authenticated Users
CVSS 4.3
CVE-2022-45304 MEDIUM
Chocolatey Cmder < 1.3.20 - Insecure Directory Permissions for Authenticated Users
CVSS 4.3
CVE-2022-45301 MEDIUM
chocolatey_ruby < 3.1.2.1 - Insecure Directory Permissions for Authenticated Users
CVSS 4.3
CVE-2022-41926 LOW
Nextcloud Talk < 14.1.0 - Unauthorized Communication Monitoring via Unprotected Broadcast Receiver
CVSS 3.3
CVE-2022-44725 HIGH
OPC Foundation Local Discovery Server <= 1.04.403.478 - Privilege Escalation via Hard-Coded Configuration File Path
CVSS 7.8
CVE-2022-34314 MEDIUM
IBM CICS TX 11.1 - Exposure of Sensitive Information via Insecure Permission Settings
CVSS 4.0
CVE-2022-45193 MEDIUM
CBRN-Analysis < 22 - Unprotected User Data Exposure via Weak File Permissions
CVSS 5.9
CVE-2022-44746 MEDIUM
Acronis Cyber Protect Home Office < 40107 - Sensitive Information Exposure via Insecure Folder Permissions
CVSS 5.5