VYPR

CWE-269

Improper Privilege Management

ClassDraftLikelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 14 of 52
  • CVE-2016-0732HigSep 7, 2017
    risk 0.57cvss 8.8epss 0.01

    The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone…

  • CVE-2017-11681HigJul 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.

  • CVE-2017-11361HigJul 17, 2017
    risk 0.57cvss 8.8epss 0.01

    Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.)

  • CVE-2017-4992CriJun 13, 2017
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x…

  • CVE-2017-9324HigJun 12, 2017
    risk 0.57cvss 8.8epss 0.02

    In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read…

  • CVE-2017-8438HigJun 5, 2017
    risk 0.57cvss 8.8epss 0.01

    Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties,…

  • CVE-2017-7505HigMay 26, 2017
    risk 0.57cvss 8.8epss 0.02

    Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope,…

  • CVE-2017-8114HigApr 29, 2017
    risk 0.57cvss 8.8epss 0.03

    Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.

  • CVE-2017-5940HigFeb 9, 2017
    risk 0.57cvss 8.8epss 0.00

    Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and…

  • CVE-2016-6211HigSep 9, 2016
    risk 0.57cvss 8.8epss 0.03

    The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

  • CVE-2026-22536HigJan 7, 2026
    risk 0.56cvss epss 0.00

    The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions

  • CVE-2025-34251HigOct 7, 2025
    risk 0.56cvss epss 0.01

    Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a “lockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because…

  • CVE-2025-4681HigJun 10, 2025
    risk 0.56cvss epss 0.00

    Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.

  • CVE-2025-1424HigMar 4, 2025
    risk 0.56cvss epss 0.00

    A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. This issue affects InkPad Color 3 in version U743k3.6.8.3671.

  • CVE-2024-1753HigMar 18, 2024
    risk 0.56cvss 8.6epss 0.00

    A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause…

  • CVE-2026-39118HigJun 15, 2026
    risk 0.55cvss 8.4epss 0.00

    An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.

  • CVE-2026-9789HigMay 28, 2026
    risk 0.55cvss epss 0.00

    A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to…

  • CVE-2026-9489HigMay 25, 2026
    risk 0.55cvss epss 0.00

    NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute…

  • CVE-2026-8069HigMay 8, 2026
    risk 0.55cvss epss 0.00

    PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user…

  • CVE-2025-13176HigJan 30, 2026
    risk 0.55cvss epss 0.00

    Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.