CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,666 vulnerabilities with CWE-732
CVE-2018-6040
MEDIUM
Google Chrome <64.0.3282.119 - CSRF
CVSS 6.5
CVE-2018-14825
MEDIUM
Honeywell Mobile Computers - Multiple Versions - Info Disclosure
CVSS 5.8
CVE-2018-11240
CRITICAL
SoftCase T-Router Firmware - Unauthenticated Remote Code Execution via T-Router Protocol
CVSS 9.8
CVE-2018-1711
HIGH
IBM DB2 9.7, 10.1, 10.5, 11.1 - Privilege Escalation via Task Column Modification
CVSS 8.4
CVE-2018-11277
HIGH
Qualcomm Snapdragon Firmware - Incorrect Permission Assignment for Critical Resource via com.qualcomm.embms
CVSS 7.8
CVE-2018-16958
MEDIUM
Oracle WebCenter Interaction Portal 10.3.3 - Info Disclosure
CVSS 5.4
CVE-2018-17037
HIGH
UCMS 1.4.6 - Privilege Escalation via User Level Mishandling
CVSS 8.8
CVE-2018-12168
HIGH
Intel Computing Improvement Program < 2.2.0.03942 - Incorrect Permission Assignment
CVSS 7.8
CVE-2018-12162
HIGH
Intel OpenVINO Toolkit <2018.1.265 - Code Injection
CVSS 7.8
CVE-2018-12148
HIGH
Intel Driver and Support Assistant <3.5.0.1 - Privilege Escalation
CVSS 7.8
CVE-2018-15502
HIGH
Lone Wolf Technologies loadingDOCS 2018-08-13 - Unauthenticated Arbitrary File Download via Predictable URLs
CVSS 7.5
CVE-2018-13412
HIGH
Zohocorp Manageengine Desktop Central < 10.0.282 - Incorrect Permission Assignment
CVSS 7.8
CVE-2018-13411
HIGH
Zohocorp Manageengine Desktop Central < 10.0.282 - Incorrect Permission Assignment
CVSS 8.8
CVE-2018-11078
MEDIUM
Dell EMC VPlex GeoSynchrony < 6.1 - Authenticated VPN Configuration File Exposure
CVSS 4.0
CVE-2018-16715
HIGH
Absolute CTES Windows Agent < 1.0.0.1479 - Unauthorized File Write via Insecure Directory Permissions
CVSS 8.8
CVE-2018-16703
MEDIUM
Gleez CMS 1.2.0 - Unauthenticated User Enumeration and Brute-Force Attack via Login Page
CVSS 5.3
CVE-2018-1000660
HIGH
Tock < 1.2 - Insecure Permissions in TBF Header Package Name Handling
CVSS 7.5
CVE-2018-16145
HIGH
Opsview < 5.3.1 and 5.4.x < 5.4.2 - Privilege Escalation via Boot Script File Manipulation
CVSS 8.1
CVE-2018-15681
CRITICAL
BTITeam XBTIT <2.5.4 - Info Disclosure
CVSS 9.8
CVE-2018-16545
HIGH
Kaizen Asset Manager and Training Manager - Arbitrary Code Execution via File Impersonation
CVSS 7.8
CVE-2018-6598
HIGH
Orbic Wonder RC555L Firmware - Unauthenticated Factory Reset via com.android.server.MasterClearReceiver
CVSS 7.1
CVE-2018-15869
MEDIUM
HashiCorp Packer < 1.3.0 - Incorrect Permission Assignment for Critical Resource
CVSS 5.3
CVE-2018-15809
MEDIUM
AccuPOS 2017.8 - Incorrect Permission Assignment for Critical Resource
CVSS 5.5
CVE-2018-1000226
CRITICAL
Cobbler <2.6.11 - Privilege Escalation
CVSS 9.8
CVE-2018-1000649
HIGH
LibreHealthIO lh-ehr REL-2.0.0 - Authenticated RCE
CVSS 8.8
Details
Vulnerabilities: 1,666
Exploit Likelihood: High