CWE-269
Improper Privilege Management
Description
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-122 · CAPEC-233 · CAPEC-58
CVEs mapped to this weakness (1,039)
page 39 of 52| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-43446 | Low | 0.23 | 3.5 | 0.00 | Jan 27, 2025 | An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community… | ||
| CVE-2020-1938 | — | 0.23 | — | 0.99 | KEV | Feb 24, 2020 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be… | |
| CVE-2026-41330 | Med | 0.22 | 4.4 | 0.00 | Apr 21, 2026 | OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings,… | ||
| CVE-2026-28586 | Low | 0.21 | 3.3 | 0.00 | Jun 1, 2026 | In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0050 | Low | 0.21 | 3.3 | 0.00 | Jun 1, 2026 | In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0016 | Low | 0.21 | 3.3 | 0.00 | Jun 1, 2026 | In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not… | ||
| CVE-2026-8327 | Med | 0.21 | 4.3 | 0.00 | May 21, 2026 | Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update() without field whitelisting resulting in password change without… | ||
| CVE-2026-31369 | Low | 0.21 | 3.2 | 0.00 | Apr 21, 2026 | PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | ||
| CVE-2024-23253 | Low | 0.21 | 3.3 | 0.00 | Mar 8, 2024 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library. | ||
| CVE-2017-2662 | — | Med | 0.21 | 4.3 | 0.01 | Aug 22, 2018 | A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id. | |
| CVE-2017-5084 | Low | 0.21 | 3.3 | 0.00 | Oct 27, 2017 | Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. | ||
| CVE-2017-6954 | Med | 0.21 | 4.3 | 0.01 | Mar 17, 2017 | An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions. | ||
| CVE-2026-53862 | Med | 0.20 | 4.2 | 0.00 | Jun 16, 2026 | OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits. | ||
| CVE-2026-46424 | Med | 0.20 | 4.2 | 0.00 | May 27, 2026 | Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint (POST /api/public/v1/roles/unassign) updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication… | ||
| CVE-2017-1150 | Low | 0.20 | 3.1 | 0.01 | Mar 8, 2017 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515. | ||
| CVE-2026-44987 | Low | 0.18 | 3.8 | 0.00 | May 8, 2026 | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled… | ||
| CVE-2024-29210 | Low | 0.18 | 2.8 | 0.00 | May 7, 2024 | A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect… | ||
| CVE-2024-39302 | Low | 0.17 | 3.7 | 0.00 | Jun 28, 2024 | BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal… | ||
| CVE-2017-10292 | Low | 0.15 | 2.3 | 0.00 | Oct 19, 2017 | Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where… | ||
| CVE-2025-57840 | — | Low | 0.14 | 2.2 | 0.00 | Dec 24, 2025 | ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability. |
- risk 0.23cvss 3.5epss 0.00
An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community…
- risk 0.23cvss —epss 0.99
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be…
- risk 0.22cvss 4.4epss 0.00
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings,…
- risk 0.21cvss 3.3epss 0.00
In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.21cvss 3.3epss 0.00
In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.21cvss 3.3epss 0.00
In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…
- risk 0.21cvss 4.3epss 0.00
Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update() without field whitelisting resulting in password change without…
- risk 0.21cvss 3.2epss 0.00
PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability
- risk 0.21cvss 3.3epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library.
- risk 0.21cvss 4.3epss 0.01
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
- risk 0.21cvss 3.3epss 0.00
Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.
- risk 0.21cvss 4.3epss 0.01
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.
- risk 0.20cvss 4.2epss 0.00
OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.
- risk 0.20cvss 4.2epss 0.00
Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint (POST /api/public/v1/roles/unassign) updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication…
- risk 0.20cvss 3.1epss 0.01
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.
- risk 0.18cvss 3.8epss 0.00
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled…
- risk 0.18cvss 2.8epss 0.00
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect…
- risk 0.17cvss 3.7epss 0.00
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal…
- risk 0.15cvss 2.3epss 0.00
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where…
- risk 0.14cvss 2.2epss 0.00
ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.