CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2017-0913 MEDIUM
Ubiquiti UCRM 2.3.0-2.7.7 - Info Disclosure
CVSS 4.7
CVE-2017-7821 CRITICAL
Firefox < 56 - Unauthenticated Arbitrary File Download and Open via WebExtensions
CVSS 9.8
CVE-2017-5456 CRITICAL
Redhat Enterprise Linux < 53.0 - Incorrect Permission Assignment
CVSS 9.8
CVE-2017-5426 MEDIUM
Firefox < 52 - Privilege Escalation
CVSS 5.3
CVE-2017-18285 HIGH
burp < 2.1.32 - Incorrect Permission Assignment for Critical Resource
CVSS 7.1
CVE-2017-18284 HIGH
burp < 2.1.32 - Incorrect Permission Assignment for Critical Resource
CVSS 7.1
CVE-2017-2612 MEDIUM
Jenkins <2.44, 2.32.2 - Privilege Escalation
CVSS 5.4
CVE-2017-4952 HIGH
VMware Xenon <1.5.4-1.5.7 - Auth Bypass
CVSS 7.5
CVE-2017-1624 MEDIUM
IBM QRadar <7.3.1 - Info Disclosure
CVSS 4.2
CVE-2017-18226 MEDIUM
jabberd2 < 2.6.1 - Unauthenticated Arbitrary Process Termination via PID File Manipulation
CVSS 5.5
CVE-2017-18225 HIGH
jabberd2 < 2.6.1 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2017-6928 MEDIUM
Drupal core 7.x <7.57 - Auth Bypass
CVSS 5.3
CVE-2017-9268 MEDIUM
openSUSE open_build_service < 2.8.2 - Authenticated Denial of Service via Incorrect Permission Check
CVSS 4.4
CVE-2017-15352 LOW
Huawei OceanStor 2800 V3, 5300 V3, 5500 V3, 5600 V3, 5800 V3 - Incorrect Permission Assignment for Critical Resource
CVSS 3.1
CVE-2017-13236 HIGH
Android 8.0-8.1 - Incorrect Permission Assignment for Critical Resource in KeyStore Service
CVSS 7.8
CVE-2017-16945 HIGH
Arq < 5.10 - Local Privilege Escalation via Crafted Restore Path
CVSS 7.8
CVE-2017-16928 HIGH
Arq < 5.10 - Local Privilege Escalation via Crafted Update URL
CVSS 7.8
CVE-2017-1000403 HIGH
Jenkins Speaks! - Privilege Escalation
CVSS 8.8
CVE-2017-16885 CRITICAL
FiberHome LM53Q1 VH519R05C01S38 - Info Disclosure
CVSS 9.8
CVE-2017-1459 MEDIUM
IBM Security Access Manager 8.0.0 and 9.0.0 - Incorrect Permission Assignment for Critical Resource
CVSS 4.2
CVE-2017-17867 HIGH
Inteno iopsys 2.0-3.14 and 4.0 - Authenticated Remote Code Execution via odhcpd leasetrigger Field
CVSS 8.8
CVE-2017-1699 LOW
IBM MQ MF 8.0-9.0 - Privilege Escalation
CVSS 3.3
CVE-2017-1000485 HIGH
Nylas Mail Lives <2.2.2 - Info Disclosure
CVSS 7.8
CVE-2017-1000461 MEDIUM
Brave Software's Brave Browser <0.19.73 - Info Disclosure
CVSS 4.7
CVE-2017-5260 HIGH
Cambium Networks cnPilot <4.3.2-R4 - Info Disclosure
CVSS 8.8