CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2018-11193 HIGH
Quest DR Series Disk Backup < 4.0.3.1 - Privilege Escalation
CVSS 8.8
CVE-2018-11192 HIGH
Quest DR Series Disk Backup < 4.0.3.1 - Privilege Escalation
CVSS 8.8
CVE-2018-11191 HIGH
Quest Disk Backup < 4.0.3.1 - Privilege Escalation
CVSS 8.8
CVE-2018-1370 MEDIUM
IBM Security Guardium Big Data Intelligence - Info Disclosure
CVSS 4.2
CVE-2018-11334 HIGH
Windscribe 1.81 - Incorrect Permission Assignment for Critical Resource via Named Pipe
CVSS 7.8
CVE-2018-1115 CRITICAL
postgresql <10.4, 9.6.9 - Privilege Escalation
CVSS 9.1
CVE-2018-5516 MEDIUM
F5 BIG-IP <13.1.0.5 - Privilege Escalation
CVSS 4.7
CVE-2018-10647 HIGH
SaferVPN 4.2.5 - Privilege Escalation
CVSS 7.8
CVE-2018-10646 HIGH
CyberGhost 6.5.0.3180 - Privilege Escalation
CVSS 7.8
CVE-2018-10645 HIGH
Golden Frog VyprVPN 2.12.1.8015 - Privilege Escalation
CVSS 7.8
CVE-2018-10520 MEDIUM
CMS Made Simple < 2.2.7 - Authenticated Arbitrary File Deletion via Module Remove Operation
CVSS 6.5
CVE-2018-10519 HIGH
CMS Made Simple 2.2.7 - Privilege Escalation via Cookie eff_uid Manipulation
CVSS 8.8
CVE-2018-10518 MEDIUM
CMS Made Simple < 2.2.7 - Authenticated Arbitrary File Deletion via Admin Dashboard
CVSS 6.5
CVE-2018-10381 CRITICAL
TunnelBear 3.2.0.6 - Privilege Escalation
CVSS 9.8
CVE-2018-10285 CRITICAL
Ericsson-LG iPECS NMS A.1Ac - Auth Bypass
CVSS 9.8
CVE-2018-10204 HIGH
PureVPN 6.0.1 - Privilege Escalation
CVSS 8.8
CVE-2018-1000165 HIGH
LightSAML <1.3.5 - Privilege Escalation
CVSS 7.5
CVE-2018-1000158 HIGH
cmsmadesimple <2.2.7 - Privilege Escalation
CVSS 8.8
CVE-2018-5342 HIGH
Zoho ManageEngine Desktop Central <10.0.184 - Privilege Escalation
CVSS 7.2
CVE-2018-10170 CRITICAL
NordVPN 6.12.7.0 - Privilege Escalation
CVSS 9.8
CVE-2018-10169 CRITICAL
ProtonVPN 1.3.3 - Privilege Escalation
CVSS 9.8
CVE-2018-1315 LOW
Apache Hive 2.1.0-2.3.2 - Arbitrary File Write via HPL/SQL COPY FROM FTP Statement
CVSS 3.7
CVE-2018-1002150 CRITICAL
Koji <1.12.1-1.15.1 - Privilege Escalation
CVSS 9.1
CVE-2018-1267 HIGH
Cloud Foundry Silk CNI plugin < 0.2.0 - Improper Access Control via Overlapping Application Security Group
CVSS 8.1
CVE-2018-1231 HIGH
BOSH CLI < 3.0.1 - Unauthenticated Access to Configuration File
CVSS 8.8
Details
Vulnerabilities 1,666
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits