CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2021-42954 HIGH
Zoho Remote Access Plus Server - Privilege Escalation
CVSS 7.8
CVE-2021-37207 HIGH
SENTRON powermanager V3 < 3.6 - Authenticated Privilege Escalation via Configuration Folder Access Rights
CVSS 7.8
CVE-2021-41170 CRITICAL
neoan3-apps/template <1.1.1 - Code Injection
CVSS 9.8
CVE-2021-20526 MEDIUM
IBM Planning Analytics 2.0 - Info Disclosure
CVSS 5.3
CVE-2021-41589 CRITICAL
Gradle Enterprise <2021.3 & Build Cache Node <10.0 - Unauthenticated RCE via Cache Poisoning
CVSS 9.8
CVE-2021-37364 HIGH
OpenClinic GA 5.194.18 - Authenticated Insecure Permissions and Unquoted Service Path
CVSS 7.8
CVE-2021-40343 HIGH
Nagios XI <5.8.5 - Privilege Escalation
CVSS 7.8
CVE-2021-38475 HIGH
Database Server - Privilege Escalation
CVSS 7.3
CVE-2021-31377 MEDIUM
Junos OS Multiple Versions - Authenticated Denial of Service via RPD Crash
CVSS 5.5
CVE-2021-26589 MEDIUM
HPE Superdome Flex Firmware < 3.40.106 - Cross-Site Scripting via Missing HttpOnly Attribute in Session Cookie
CVSS 6.1
CVE-2021-41802 LOW
HashiCorp Vault < 1.7.5 - Privilege Escalation via Entity Alias Merging
CVSS 2.9
CVE-2021-34758 MEDIUM
Cisco TelePresence Collaboration Endpoint < 10.7.2 & RoomOS < 10.7.1.2 - DoS via Shared Memory Corruption
CVSS 4.4
CVE-2021-20264 HIGH
OpenJDK - Privilege Escalation via /etc/passwd Modification
CVSS 7.8
CVE-2021-0692 HIGH
Android - Local Privilege Escalation via Unsafe PendingIntent in FirstScreenBroadcast
CVSS 7.8
CVE-2021-41091 MEDIUM
Moby < 20.10.9 - Unprivileged Host User Data Exposure and Privilege Escalation via Insufficient Directory Permissions
CVSS 6.3
CVE-2021-39868 MEDIUM
GitLab 8.12.0-14.1.7 - Authenticated Unlimited Repository Size Assignment via Project Export
CVSS 4.3
CVE-2021-3747 HIGH
Multipass <1.7.2 - Privilege Escalation
CVSS 8.8
CVE-2021-35202 MEDIUM
NETSCOUT Systems nGeniusONE <6.3.0 - Auth Bypass
CVSS 4.3
CVE-2021-34410 HIGH
Zoom Plugin for Microsoft Outlook for Mac < 5.0.25611.0521 - Privilege Escalation via User-Writable Application Bundle
CVSS 7.8
CVE-2021-34409 HIGH
Zoom Meetings < 5.2.0 - Privilege Escalation via User-Writable Installation Scripts
CVSS 7.8
CVE-2021-40067 MEDIUM
NetMotion Mobility < 12.14 - Authenticated Incorrect Permission Assignment for Critical Resource
CVSS 6.8
CVE-2021-40066 MEDIUM
NetMotion Mobility < 11.76 - Authenticated Incorrect Permission Assignment for Critical Resource
CVSS 5.3
CVE-2021-39210 MEDIUM
GLPI < 9.5.6 - Unprotected Autologin Cookie Exposure via Remember Me Feature
CVSS 6.5
CVE-2021-26434 HIGH
Visual Studio 2017 15.0-15.8 and 2019 16.0-16.10 - Elevation of Privilege via Incorrect Permission Assignment
CVSS 7.8
CVE-2021-22149 HIGH
Elastic Enterprise Search App Search < 7.14.0 - Authenticated Missing Authorization via Alternate API Route
CVSS 8.8