CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2020-11443 HIGH
Zoom IT Installer < 4.6.10 - Unauthenticated Arbitrary File Deletion via Symbolic Link Attack
CVSS 8.1
CVE-2020-12459 MEDIUM
Grafana 6.x-6.3.6 - Info Disclosure
CVSS 5.5
CVE-2020-12458 MEDIUM
Grafana < 6.7.3 - Unprotected Database Directory Information Disclosure
CVSS 5.5
CVE-2020-8473 HIGH
ABB System 800xA Base <6.1 - Privilege Escalation
CVSS 7.3
CVE-2020-8472 MEDIUM
ABB System 800xA - Privilege Escalation
CVSS 5.5
CVE-2020-12120 HIGH
Correos Express for PrestaShop 1.6-1.7 - Sensitive Information Exposure via SOAP Interface
CVSS 7.5
CVE-2020-4311 HIGH
IBM Tivoli Monitoring 6.3.0 - Arbitrary Code Execution via DLL Hijacking
CVSS 7.0
CVE-2020-4347 HIGH
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 - Privilege Escalation via Inappropriate File Permissions
CVSS 7.3
CVE-2020-0557 HIGH
Intel PROSet/Wireless WiFi < 21.70.0.6 - Authenticated Privilege Escalation via Insecure Inherited Permissions
CVSS 7.8
CVE-2020-10699 HIGH
Linux <2.1.51 - Privilege Escalation
CVSS 7.8
CVE-2020-10513 HIGH
iCatch DVR <20200103 - Privilege Escalation
CVSS 8.8
CVE-2020-10642 HIGH
Rockwell Automation RSLinx Classic <4.11.00 - Privilege Escalation
CVSS 7.8
CVE-2020-10551 HIGH
QQBrowser <10.5.3870.400 - Privilege Escalation
CVSS 7.8
CVE-2020-4289 MEDIUM
IBM Security Information Queue 1.0.0-1.0.5 - Sensitive Information Exposure via Missing HTTPOnly Flag
CVSS 5.3
CVE-2020-11107 HIGH
XAMPP <7.2.29, <7.3.16, <7.4.4 - Command Injection
CVSS 8.8
CVE-2020-7263 MEDIUM
McAfee Endpoint Security - Unauthenticated Improper Access Control via ESconfigTool.exe
CVSS 6.5
CVE-2020-10883 HIGH
TP-Link Archer A7 Firmware <190726 - Privilege Escalation
CVSS 7.8
CVE-2020-5281 MEDIUM
Perun < 3.9.1 - LDAP Injection via ExtSource Configuration
CVSS 6.2
CVE-2020-1709 HIGH
openshift/mediawiki <4.3.0 - Privilege Escalation
CVSS 7.0
CVE-2020-1707 HIGH
openshift/postgresql-apb <4.3.0 - Privilege Escalation
CVSS 7.0
CVE-2020-1705 HIGH
openshift/template-service-broker-operator <4.3.0 - Privilege Escal...
CVSS 7.0
CVE-2020-3948 HIGH
VMware Workstation/Fusion <15.5.2-11.5.2 - Privilege Escalation
CVSS 7.8
CVE-2020-1736 LOW
Ansible < 2.7.16 - Incorrect Permission Assignment via Atomic Move Primitive
CVSS 2.2
CVE-2020-1706 HIGH
openshift/apb-tools-container - Privilege Escalation
CVSS 7.0
CVE-2020-9470 HIGH
Wing FTP Server < 6.2.5 - Session Cookie Exposure via Insecure Directory Permissions
CVSS 7.8