CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2018-15491 HIGH
Zemana AntiLogger < 1.9.3.602 - Unauthenticated Whitelist Bypass via MyRules2.ini
CVSS 7.5
CVE-2018-15482 CRITICAL
LG Android 6.0-8.1 - Incorrect Permission Assignment for Critical Resource
CVSS 9.8
CVE-2018-14982 CRITICAL
LG Android 6.0-8.1 - Incorrect Permission Assignment in GNSS Application
CVSS 9.8
CVE-2018-14981 CRITICAL
LG Android 6.0-8.1 - Incorrect Permission Assignment for Critical Resource in SystemUI Intents
CVSS 9.8
CVE-2018-5546 HIGH
F5 BIG-IP APM <7.1.7.1 - Info Disclosure
CVSS 7.8
CVE-2018-11454 HIGH
SIMATIC STEP 7 and WinCC (TIA Portal) V10-V15 - Unauthenticated Incorrect Default Permissions
CVSS 8.6
CVE-2018-11453 HIGH
Siemens Simatic Step 7 (tia Portal) - Incorrect Permission Assignment
CVSS 7.8
CVE-2018-1551 LOW
IBM WebSphere MQ 8.0.0.2-8.0.0.8 and 9.0.0.0-9.0.0.3 - Incorrect Permission Assignment via Invalid User Group Name
CVSS 3.1
CVE-2018-5490 HIGH
Clustered Data ONTAP <8.3 - Info Disclosure
CVSS 8.8
CVE-2018-12467 MEDIUM
openSUSE Open Build Service < 2.9.4 - Authenticated Package Deletion via Malicious Request
CVSS 6.0
CVE-2018-12466 MEDIUM
openSUSE openbuildservice <9.2.4 - Privilege Escalation
CVSS 4.4
CVE-2018-10869 HIGH
redhat-certification - Info Disclosure
CVSS 7.5
CVE-2018-5540 MEDIUM
F5 BIG-IP 11.5.1-11.5.6, 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0-13.0.1 - Incorrect Permission Assignment in big3d
CVSS 4.4
CVE-2018-0392 MEDIUM
Cisco Policy Suite - Privilege Escalation
CVSS 5.5
CVE-2018-1000211 HIGH
Doorkeeper >=4.2.0 - Info Disclosure
CVSS 7.5
CVE-2018-1000209 HIGH
Sensu Core <1.4.2-3 - Code Injection
CVSS 8.8
CVE-2018-1000207 HIGH
MODX Revolution <=2.6.4 - File Creation
CVSS 7.2
CVE-2018-14043 CRITICAL
mstdlib 1.2.0 - Incorrect Permission Assignment for Critical Resource in File Copy Operation
CVSS 9.8
CVE-2018-12979 MEDIUM
WAGO e!DISPLAY 762-3000/762-3001/762-3002/762-3003 < FW 02 - Authenticated Arbitrary File Write via WBM File Upload
CVSS 6.5
CVE-2018-13791 CRITICAL
ABBYY FlexiCapture - Access Control Bypass via SevaUserProfile Parameter
CVSS 9.8
CVE-2018-1000621 HIGH
Mycroft AI mycroft-core <18.2.8b - RCE
CVSS 8.1
CVE-2018-11259 HIGH
Qualcomm Mdm9206 Firmware - Incorrect Permission Assignment
CVSS 7.7
CVE-2018-13110 HIGH
Adbglobal Dv2210 Firmware - Incorrect Permission Assignment
CVSS 7.5
CVE-2018-13122 MEDIUM
OneFileCMS < 3.6.13 - Arbitrary File Deletion via Delete File Screen
CVSS 6.5
CVE-2018-11642 HIGH
Dialogic PowerMedia XMS <= 3.5 - Incorrect Permission Assignment for Critical Resource in cleanzip.sh
CVSS 7.8
Details
Vulnerabilities 1,666
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits