CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2018-6593 HIGH
MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation via IOCTL 0x8000204C
CVSS 7.8
CVE-2018-6536 MEDIUM
Icinga 2.x < 2.8.1 - Incorrect Permission Assignment for Critical Resource via PID File
CVSS 5.5
CVE-2018-0089 HIGH
Cisco Policy Suite - Unauthenticated Sensitive Data Exposure via Internal VLAN Access
CVSS 7.5
CVE-2018-0088 MEDIUM
Cisco Industrial Ethernet 4010 Series Firmware - Authenticated Code Execution or DoS via CLI
CVSS 6.7
CVE-2018-0752 HIGH
Windows Kernel API - Elevation of Privilege via Permission Assignment
CVSS 7.8
CVE-2017-20198 CRITICAL
DC/OS Marathon < 1.9.0 - Docker Root Mount Code Execution
CVE-2017-20148 CRITICAL
Logcheck <1.3.23 - Privilege Escalation
CVSS 9.8
CVE-2017-16631 MEDIUM
SapphireIMS 4097_1 - Info Disclosure
CVSS 6.5
CVE-2017-16630 HIGH
SapphireIMS 4097_1 - Privilege Escalation
CVSS 8.8
CVE-2017-17677 HIGH
BMC Remedy Mid-Tier 9.1SP3 - Authenticated Remote Code Execution via BIRT Report Template
CVSS 8.8
CVE-2017-18916 MEDIUM
Mattermost Server <3.8.2-3.6.7 - Info Disclosure
CVSS 5.3
CVE-2017-18910 MEDIUM
Mattermost Server <3.8.2-3.6.7 - Info Disclosure
CVSS 4.3
CVE-2017-18896 MEDIUM
Mattermost Server <4.2.0-4.0.5 - Info Disclosure
CVSS 5.3
CVE-2017-18894 HIGH
Mattermost Server <4.2.0-4.0.5 - Auth Bypass
CVSS 8.1
CVE-2017-18886 HIGH
Mattermost Server <4.3.0-4.1.2 - Auth Bypass
CVSS 8.8
CVE-2017-18878 MEDIUM
Mattermost Server <4.3.0-4.1.2 - Privilege Escalation
CVSS 4.3
CVE-2017-18872 MEDIUM
Mattermost Server <4.4.3,4.3.3 - Auth Bypass
CVSS 4.3
CVE-2017-18876 MEDIUM
Mattermost Server <4.3.0-4.1.2 - Info Disclosure
CVSS 4.9
CVE-2017-18875 MEDIUM
Mattermost Server <4.3.0-4.1.2 - Privilege Escalation
CVSS 4.9
CVE-2017-18870 MEDIUM
Mattermost Server <4.5.0-4.3.4 - Info Disclosure
CVSS 4.3
CVE-2017-9626 CRITICAL
Marel Food Processing Systems Pluto - Unauthenticated RCE
CVSS 9.8
CVE-2017-18348 HIGH
Splunk 6.6.0-6.6.10 - Privilege Escalation via splunk-launch.conf Modification
CVSS 7.0
CVE-2017-2590 HIGH
FreeIPA < 4.4.0 - Authenticated Denial of Service via CA Management Commands
CVSS 8.1
CVE-2017-12167 MEDIUM
JBoss Enterprise Application Platform < 7.0.9 - Unauthorized Exposure of Sensitive User and Role Information
CVSS 5.5
CVE-2017-7471 CRITICAL
QEMU < 2.8.1.1 - Privilege Escalation via 9pfs Shared Directory Access Control
CVSS 9.0