CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,664 vulnerabilities with CWE-732
CVE-2022-44746
MEDIUM
Acronis Cyber Protect Home Office < 40107 - Sensitive Information Exposure via Insecure Folder Permissions
CVSS 5.5
CVE-2022-44733
HIGH
Acronis Cyber Protect Home Office < 39900 - Local Privilege Escalation via Insecure Folder Permissions
CVSS 7.8
CVE-2022-44732
HIGH
Acronis Cyber Protect Home Office < 39900 - Local Privilege Escalation via Insecure Folder Permissions
CVSS 7.8
CVE-2022-2188
MEDIUM
DXL Broker <6.0.0.280 - Privilege Escalation
CVSS 6.5
CVE-2022-3258
LOW
HYPR Workforce Access - Privilege Escalation
CVSS 3.7
CVE-2022-32929
MEDIUM
iPadOS < 15.7 - Unprotected User Data Exposure via Backup Access
CVSS 5.5
CVE-2022-36122
HIGH
Automox Agent <40 - Privilege Escalation
CVSS 7.8
CVE-2022-22248
HIGH
Juniper Networks Junos OS Evolved - Privilege Escalation
CVSS 7.3
CVE-2022-26238
MEDIUM
Beckman Coulter Remisol Advance <v2.0.12.1 - Privilege Escalation
CVSS 5.5
CVE-2022-26236
MEDIUM
Beckman Coulter Remisol Advance <v2.0.12.1 - Privilege Escalation
CVSS 5.5
CVE-2022-39284
LOW
CodeIgniter 4.0.0-4.2.6 - Cookie Security Attribute Misconfiguration
CVSS 2.6
CVE-2022-2975
HIGH
Avaya Aura Application Enablement Ser... - Improper Privilege Management
CVSS 7.7
CVE-2022-26240
MEDIUM
Beckman Coulter Remisol Advance <2.0.12.1 - Privilege Escalation
CVSS 6.5
CVE-2022-26239
MEDIUM
Beckman Coulter Remisol Advance <v2.0.12.1 - Privilege Escalation
CVSS 5.5
CVE-2022-26237
MEDIUM
Beckman Coulter Remisol Advance <v2.0.12.1 - Privilege Escalation
CVSS 5.5
CVE-2022-40756
HIGH
Actian Zen PSQL < 13 and Zen 14.0-14.21.022 - Unauthenticated Master Password Reset via Security File Removal
CVSS 8.8
CVE-2022-23726
MEDIUM
PingCentral 1.8-1.8.3 - Authenticated Exposure of Sensitive Information via Spring Boot Actuator Endpoints
CVSS 5.4
CVE-2022-32169
MEDIUM
bytebase < 1.0.4 - Unauthenticated Admin Issue Access via /issue Endpoint
CVSS 4.3
CVE-2022-40817
MEDIUM
Zammad 5.2.1 - Incorrect Permission Assignment for Critical Resource
CVSS 4.3
CVE-2022-35250
MEDIUM
Rocket.Chat < 5.0 - Authenticated Privilege Escalation via Direct Message Access
CVSS 4.3
CVE-2022-40298
HIGH
Crestron AirMedia for Windows < 5.5.1.84 - Privilege Escalation via Insecure Inherited Permissions
CVSS 8.8
CVE-2022-28802
CRITICAL
Code by Zapier <2022-08-17 - Privilege Escalation
CVSS 9.9
CVE-2022-2995
HIGH
CRI-O < 1.25.0 - Improper Access Control via Supplementary Groups Handling
CVSS 7.1
CVE-2022-2332
MEDIUM
Honeywell SoftMaster <4.51 - Privilege Escalation
CVSS 6.2
CVE-2022-22330
MEDIUM
IBM Control Desk 7.6.1 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities: 1,664
Exploit Likelihood: High