CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2021-33586 MEDIUM
InspIRCd <3.10.0 - Memory Corruption
CVSS 4.3
CVE-2021-33509 CRITICAL
Plone < 5.2.4 - Authenticated Arbitrary File Write via ReStructuredText Transform
CVSS 9.9
CVE-2021-31475 HIGH
SolarWinds Orion Job Scheduler 2020.2.1 HF 2 - Authenticated Remote Code Execution via JobRouterService WCF Service
CVSS 8.8
CVE-2021-22117 HIGH
RabbitMQ 3.8.0-3.8.15 - Unauthenticated Arbitrary Plugin Installation via Insecure Plugin Directory Permissions
CVSS 7.8
CVE-2021-20996 MEDIUM
WAGO Managed Switches - Info Disclosure
CVSS 5.3
CVE-2021-31167 HIGH
Windows 10 and Windows Server 2016/2019 - Privilege Escalation via Container Manager Service
CVSS 7.8
CVE-2021-31907 MEDIUM
JetBrains TeamCity < 2020.2.2 - Incorrect Permission Assignment for Plugin Changes
CVSS 5.3
CVE-2021-31902 HIGH
JetBrains YouTrack < 2020.6.6600 - Incorrect Permission Assignment for Critical Resource
CVSS 7.5
CVE-2021-32056 MEDIUM
Cyrus IMAP < 3.2.7 and 3.3.x-3.4.x < 3.4.1 - Authenticated Access Control Bypass via Server Annotations
CVSS 4.3
CVE-2021-32101 HIGH
OpenEMR 5.0.2.1 - Unauthenticated Incorrect Permission Assignment for Critical Resource in Patient Portal
CVSS 8.2
CVE-2021-31918 HIGH
Red Hat OpenStack 16.1 - Exposure of Sensitive Information via Ansible Log File
CVSS 7.5
CVE-2021-29247 MEDIUM
BTCPay Server <= 1.0.7.0 - Sensitive Information Exposure via Missing HTTPOnly Cookie Flag
CVSS 5.3
CVE-2021-20326 MEDIUM
MongoDB 4.4.0-4.4.3 - Denial of Service via Find Query
CVSS 6.5
CVE-2021-28269 HIGH
Soyal Technology 701Client <9.0.1 - Privilege Escalation
CVSS 8.8
CVE-2021-22669 HIGH
WebAccess/SCADA <9.0.1 - Privilege Escalation
CVSS 8.8
CVE-2021-31540 HIGH
Wowza Streaming Engine <= 4.8.5 - Incorrect File Permissions in conf/ Directory
CVSS 7.1
CVE-2021-28098 HIGH
Forescout CounterACT <8.1.4 - Privilege Escalation
CVSS 7.8
CVE-2021-22716 HIGH
C-Bus Toolkit < 1.15.7 - Remote Code Execution via Unprivileged File Modification
CVSS 7.8
CVE-2021-28646 MEDIUM
Trend Micro Apex One and OfficeScan XG SP1 - Insecure File Permissions
CVSS 5.5
CVE-2021-28645 HIGH
Trend Micro Apex One and OfficeScan XG SP1 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2021-25253 HIGH
Trend Micro Apex One <SP1 - Privilege Escalation
CVSS 7.8
CVE-2021-25250 HIGH
Trend Micro Apex One - Privilege Escalation
CVSS 7.8
CVE-2021-28374 HIGH
Debian courier-authlib <0.71.1-2 - Info Disclosure
CVSS 7.5
CVE-2021-27070 HIGH
Windows 10 and Windows Server 2016 - Elevation of Privilege via Update Assistant
CVSS 7.3
CVE-2021-21364 MEDIUM
swagger-codegen < 2.4.19 - Insecure Temporary File Permissions
CVSS 5.3