CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2021-31894 HIGH
Siemens Simatic Pcs 7 Firmware < 8.2 - Incorrect Permission Assignment
CVSS 8.8
CVE-2021-22921 HIGH
Node.js <16.4.1,14.17.2,12.22.2 - Privilege Escalation
CVSS 7.8
CVE-2021-34110 HIGH
WinWaste.NET 1.0.6183.16475 - Unauthenticated Local Privilege Escalation via Executable Replacement
CVSS 7.8
CVE-2021-20416 MEDIUM
IBM Guardium Data Encryption <4.0.0.4 - Info Disclosure
CVSS 5.3
CVE-2021-32526 MEDIUM
QSAN Storage Manager < 3.3.1 - Authenticated Arbitrary Password File Access
CVSS 6.5
CVE-2021-36129 MEDIUM
MediaWiki <1.36 - Privilege Escalation
CVSS 4.3
CVE-2021-32729 LOW
XWiki Platform <12.6.88-13.0 - Auth Bypass
CVSS 2.0
CVE-2021-23275 HIGH
TIBCO Enterprise Runtime for R <1.2.4 & Spotfire Server <10.3.12 - Privilege Escalation
CVSS 8.8
CVE-2021-32717 HIGH
Shopware <6.4.1.1 - Info Disclosure
CVSS 7.5
CVE-2021-0552 MEDIUM
Android - Local Information Disclosure via Unsafe PendingIntent in MediaOutputSlice
CVSS 5.5
CVE-2021-0572 MEDIUM
Android 11 - Local Information Disclosure via Unsafe PendingIntent in AccountManagerService
CVSS 5.5
CVE-2021-0570 HIGH
Android - Local Privilege Escalation via Unsafe PendingIntent in BugreportProgressService
CVSS 7.8
CVE-2021-27483 HIGH
ZOLL Defibrillator Dashboard <2.2 - Privilege Escalation
CVSS 7.8
CVE-2021-0477 HIGH
Android - Local Privilege Escalation via Unsafe PendingIntent in ScreenshotNotificationsController
CVSS 7.8
CVE-2021-25393 MEDIUM
SecSettings <SMR MAY-2021 Release 1 - Privilege Escalation
CVSS 6.6
CVE-2021-23022 HIGH
BIG-IP Edge Client <7.2.1.3 & <7.1.9.9 - Info Disclosure
CVSS 7.8
CVE-2021-31929 MEDIUM
Annexcloud Loyalty Experience Platform < 2021.1.0.1 - Incorrect Permission Assignment
CVSS 4.3
CVE-2021-0102 HIGH
Intel Unite < 4.2.25031 - Authenticated Privilege Escalation via Insecure Inherited Permissions
CVSS 7.8
CVE-2021-0077 HIGH
Intel VTune Profiler < 2021.1.1 - Authenticated Privilege Escalation via Insecure Installer Permissions
CVSS 7.8
CVE-2021-0056 HIGH
Intel LAPBC510 and LAPBC710 Firmware < 1.1 - Authenticated Privilege Escalation via Insecure Inherited Permissions
CVSS 7.8
CVE-2021-0055 HIGH
Intel LAPQC71A/B/C/D Firmware < 10.42 - Authenticated Privilege Escalation via Insecure Inherited Permissions
CVSS 7.8
CVE-2021-0105 HIGH
Intel WiFi Firmware < 22.0 - Authenticated Information Disclosure and Denial of Service via Insecure Permissions
CVSS 7.3
CVE-2021-32460 HIGH
Trend Micro Maximum Security 2021 v17 - Privilege Escalation via Installer Improper Access Control
CVSS 7.8
CVE-2021-23021 MEDIUM
Nginx Controller <3.7.0 - Info Disclosure
CVSS 5.5
CVE-2021-31155 HIGH
umask < 0.4 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8