VYPR

CWE-269

Improper Privilege Management

Abstraction: Class · Status: Draft · Likelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
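The web-application entries listed further down this page share one shape: a profile or registration handler takes a role name from the request and stores it without asking whether the caller is allowed to grant that role. The block below is an added illustration written for this page in Python; it is not CWE's code, not code from any product listed here, and not a reconstruction of any specific CVE. The role table, capability table, `User`, `Session`, the two `save_profile_*` handlers and the fixture accounts are all constructed for the example.

```python
"""CWE-269 in miniature: a profile-save handler that assigns roles.

Added example for this page; the role model, capability table, user records
and request dictionaries are constructed for illustration and do not
correspond to any product or CVE listed here.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed role model: rank orders privilege, capabilities gate actions.
ROLE_RANK = {"subscriber": 0, "editor": 1, "administrator": 2}
CAPABILITIES = {
    "subscriber": set(),
    "editor": {"edit_users"},
    "administrator": {"edit_users", "manage_options"},
}


class PermissionDenied(Exception):
    pass


@dataclass
class User:
    name: str
    role: str
    display_name: str = ""


@dataclass
class Session:
    """Authenticated caller plus the in-memory user table (constructed)."""
    actor: User
    users: dict = field(default_factory=dict)


def save_profile_vulnerable(session: Session, form: dict,
                            target: Optional[str] = None) -> User:
    """Vulnerable: copies every submitted field, 'role' included, onto the
    record and never asks whether the caller may grant that role.
    """
    user = session.users[target or session.actor.name]
    for key, value in form.items():
        setattr(user, key, value)  # 'role' comes straight from the request
    return user


def save_profile_fixed(session: Session, form: dict,
                       target: Optional[str] = None) -> User:
    """Hardened: fields are allow-listed, editing another account needs a
    capability, users cannot change their own role, and nobody may grant a
    role that outranks their own. All checks run before any state changes.
    """
    actor = session.actor
    target_name = target or actor.name
    user = session.users[target_name]

    if target_name != actor.name and "edit_users" not in CAPABILITIES[actor.role]:
        raise PermissionDenied(f"{actor.role} may not edit other accounts")

    new_role = form.get("role")
    if new_role is not None:
        if new_role not in ROLE_RANK:
            raise PermissionDenied(f"unknown role {new_role!r}")
        if target_name == actor.name:
            raise PermissionDenied("users may not change their own role")
        if ROLE_RANK[new_role] > ROLE_RANK[actor.role]:
            raise PermissionDenied(f"{actor.role} may not grant {new_role}")

    # All checks passed: apply only the allow-listed fields.
    if "display_name" in form:
        user.display_name = str(form["display_name"])
    if new_role is not None:
        user.role = new_role
    return user


def outcome(handler, session: Session, form: dict,
            target: Optional[str] = None) -> str:
    """Run a handler and report 'allowed' or 'denied'."""
    try:
        handler(session, form, target)
        return "allowed"
    except PermissionDenied:
        return "denied"


def make_users() -> dict:
    """Constructed fixture: three accounts at different ranks."""
    return {
        "alice": User("alice", "subscriber"),
        "bob": User("bob", "subscriber"),
        "carol": User("carol", "editor"),
    }


if __name__ == "__main__":
    users = make_users()
    # A subscriber submits role=administrator to the vulnerable handler.
    save_profile_vulnerable(Session(users["alice"], users), {"role": "administrator"})
    print("vulnerable:", users["alice"].role)   # administrator
    users = make_users()
    print("fixed:", outcome(save_profile_fixed, Session(users["alice"], users),
                            {"role": "administrator"}))  # denied
```

The important design point is that the hardened handler decides on the whole request before touching the record, so a denied role change does not leave a half-applied profile, and that the grantable-role check is relative to the actor's own rank rather than a single "is admin" test, which is what stops an editor-level account from manufacturing administrators.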

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 12 of 52
  • CVE-2024-36077 · High · May 22, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024…

  • CVE-2024-33223 · High · May 22, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-32960 · High · May 17, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation. This issue affects Booking Ultra Pro: from n/a through 1.1.12.

  • CVE-2024-33550 · High · May 17, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation. This issue affects WP Masquerade: from n/a through 1.1.0.

  • CVE-2024-33549 · High · May 17, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation. This issue affects WZone: from n/a through 14.0.10.

  • CVE-2023-50890 · High · May 17, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.

  • CVE-2023-48757 · High · May 17, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation. This issue affects JetEngine: from n/a through 3.2.4.

  • CVE-2023-47782 · High · May 17, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation. This issue affects Thrive Theme Builder: from n/a before 3.24.0.

  • CVE-2023-37389 · High · May 17, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation. This issue affects Booking Package: from n/a through 1.5.98.

  • CVE-2023-33327 · High · May 14, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation. This issue affects Leyka: from n/a through 3.30.2.

  • CVE-2024-3828 · High · May 14, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator. This makes it possible for…

  • CVE-2024-29150 · High · May 7, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in…

  • CVE-2023-38292 · High · Apr 22, 2024
    risk 0.57 · CVSS 8.7 · EPSS 0.00

    Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due…

  • CVE-2024-31498 · High · Apr 4, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator.

  • CVE-2024-1138 · High · Mar 12, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL…

  • CVE-2023-4239 · High · Aug 9, 2023
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as…

  • CVE-2020-18171 · High · Jul 26, 2021
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference…

  • CVE-2018-17855 · High · Oct 9, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.02

    An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of a user who can approve admin verifications in the registration process, he can activate himself.

  • CVE-2018-0436 · High · Oct 5, 2018
    risk 0.57 · CVSS 8.7 · EPSS 0.01

    A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for…

  • CVE-2018-11614 · High · Sep 24, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members. Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The…