CWE-269
Improper Privilege Management
Description
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-122 · CAPEC-233 · CAPEC-58
CVEs mapped to this weakness (1,039)
page 34 of 52| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-33500 | Med | 0.38 | 5.9 | 0.00 | Jun 11, 2024 | A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow… | ||
| CVE-2018-14825 | Med | 0.38 | 5.8 | 0.01 | Sep 24, 2018 | On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running… | ||
| CVE-2018-10906 | — | Med | 0.38 | 5.3 | 0.01 | Jul 24, 2018 | In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse… | |
| CVE-2016-10613 | — | Med | 0.38 | 5.9 | 0.01 | Jun 1, 2018 | bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |
| CVE-2016-10597 | — | Med | 0.38 | 5.9 | 0.01 | Jun 1, 2018 | cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |
| CVE-2017-10046 | Med | 0.38 | 5.4 | 0.04 | Aug 8, 2017 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged… | ||
| CVE-2017-6507 | Med | 0.38 | 5.9 | 0.02 | Mar 24, 2017 | An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by… | ||
| CVE-2026-48210 | Med | 0.37 | 5.7 | 0.00 | May 31, 2026 | An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the… | ||
| CVE-2026-39961 | Med | 0.37 | 6.8 | 0.00 | Apr 9, 2026 | Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database… | ||
| CVE-2025-69257 | — | Med | 0.37 | 6.7 | 0.00 | Dec 30, 2025 | theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations (e.g., `~/.config/theshit/`) without validating… | |
| CVE-2024-33522 | Med | 0.37 | 6.7 | 0.00 | Apr 29, 2024 | In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the… | ||
| CVE-2026-9490 | Med | 0.36 | 5.5 | 0.00 | May 25, 2026 | A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe,… | ||
| CVE-2026-32212 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. | ||
| CVE-2026-32181 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. | ||
| CVE-2025-24183 | Med | 0.36 | 5.5 | 0.00 | May 19, 2025 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A local user may be able to modify protected parts of the file system. | ||
| CVE-2023-32197 | Med | 0.36 | 6.6 | 0.01 | Apr 16, 2025 | A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5. | ||
| CVE-2024-54560 | Med | 0.36 | 5.5 | 0.00 | Mar 10, 2025 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission. | ||
| CVE-2025-23007 | Med | 0.36 | 5.5 | 0.00 | Jan 30, 2025 | A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. | ||
| CVE-2023-4140 | Med | 0.36 | 6.6 | 0.01 | Aug 4, 2023 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such… | ||
| CVE-2020-15368 | Med | 0.36 | 5.5 | 0.01 | Jun 29, 2020 | AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. |
- risk 0.38cvss 5.9epss 0.00
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow…
- risk 0.38cvss 5.8epss 0.01
On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running…
- risk 0.38cvss 5.3epss 0.01
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse…
- risk 0.38cvss 5.9epss 0.01
bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
- risk 0.38cvss 5.9epss 0.01
cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
- risk 0.38cvss 5.4epss 0.04
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged…
- risk 0.38cvss 5.9epss 0.02
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by…
- risk 0.37cvss 5.7epss 0.00
An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the…
- risk 0.37cvss 6.8epss 0.00
Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database…
- risk 0.37cvss 6.7epss 0.00
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations (e.g., `~/.config/theshit/`) without validating…
- risk 0.37cvss 6.7epss 0.00
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the…
- risk 0.36cvss 5.5epss 0.00
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe,…
- risk 0.36cvss 5.5epss 0.00
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
- risk 0.36cvss 5.5epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A local user may be able to modify protected parts of the file system.
- risk 0.36cvss 6.6epss 0.01
A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.
- risk 0.36cvss 5.5epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission.
- risk 0.36cvss 5.5epss 0.00
A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.
- risk 0.36cvss 6.6epss 0.01
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such…
- risk 0.36cvss 5.5epss 0.01
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.