CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,664 vulnerabilities with CWE-732
CVE-2022-31464
HIGH
Adaware Protect <1.2.439.4251 - Privilege Escalation
CVSS 7.8
CVE-2022-32155
HIGH
Splunk < 9.0 - Unauthenticated Remote Management Services Exposure
CVSS 7.5
CVE-2022-31465
HIGH
Xpedition Designer <VX.2.10-<VX.2.13 - Privilege Escalation
CVSS 7.8
CVE-2022-33175
CRITICAL
Powertek firmware <3.30.30 - Info Disclosure
CVSS 9.8
CVE-2022-1412
HIGH
Log WP_Mail < 0.1 - Unauthenticated Sensitive Information Exposure via Predictable Filename
CVSS 7.5
CVE-2022-25151
HIGH
ITarian Service Desk < 6.35.37347.20040 - Sensitive Cookie Exposure via Missing Secure and HttpOnly Flags
CVSS 7.5
CVE-2022-30700
HIGH
Trend Micro Apex One/Apex One as a Service - Privilege Escalation
CVSS 7.8
CVE-2022-1348
MEDIUM
logrotate 3.17.0-3.19.0 - Unauthenticated Denial of Service via State File Lock
CVSS 6.5
CVE-2022-30990
HIGH
Acronis Cyber Protect <15 - Info Disclosure
CVSS 7.5
CVE-2022-25172
MEDIUM
InHand Networks InRouter302 < 3.5.4 - Session Cookie Information Disclosure via Missing HttpOnly Flag
CVSS 6.1
CVE-2022-23743
HIGH
Check Point ZoneAlarm < 15.8.211.192119 - Privilege Escalation and Arbitrary File Write via Weak Directory Permissions
CVSS 7.8
CVE-2022-29263
HIGH
F5 BIG-IP APM <16.1.2.2, <15.1.5.1, <14.1.4.6, <13.1.5, <=12.1.x, <...
CVSS 7.8
CVE-2022-26340
MEDIUM
F5 BIG-IP/BIG-IQ Authenticated Certificate and Key File Access via SCP
CVSS 4.9
CVE-2022-22521
HIGH
Miele Benchmark Programming Tool <1.2.71 - Privilege Escalation
CVSS 7.3
CVE-2022-24886
LOW
Nextcloud Android < 3.19.0 - Unauthorized Contact Data Exposure via Notification Permission
CVSS 2.2
CVE-2022-24872
HIGH
Shopware < 6.4.10.1 - Incorrect Permission Assignment for Critical Resource
CVSS 8.1
CVE-2022-29527
HIGH
Amazon AWS amazon-ssm-agent < 3.1.1208.0 - Privilege Escalation via World-Writable Sudoers File
CVSS 7.0
CVE-2022-22960
HIGH
KEV
VMware Workspace ONE Access CVE-2022-22960
CVSS 7.8
CVE-2022-23448
HIGH
SIMATIC Energy Manager Basic and PRO < 7.3 Update 1 - Local Privilege Escalation via Improper Directory Permissions
CVSS 7.8
CVE-2022-1316
HIGH
ZeroTier One < 1.8.8 - Local Privilege Escalation via Incorrect Permission Assignment
CVSS 8.8
CVE-2022-0556
HIGH
Zyxel AP Configurator <1.1.4 - Privilege Escalation
CVSS 7.3
CVE-2022-22516
HIGH
CODESYS Control RTE SL < 3.5.18.0 - Unauthenticated Memory Access via SysDrv3S Driver
CVSS 7.8
CVE-2022-26250
HIGH
Synaman <5.1 - Privilege Escalation
CVSS 7.8
CVE-2022-26281
HIGH
BigAnt Server <5.6.06 - Info Disclosure
CVSS 7.5
CVE-2022-23869
MEDIUM
RuoYi 4.7.2 - Incorrect Permission Assignment for Critical Resource via /system/user/resetPwd
CVSS 6.5