VYPR

CWE-276

Incorrect Default Permissions

Base · Draft · Likelihood: Medium

Description

During installation, installed file permissions are set to allow anyone to modify those files.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-127 · CAPEC-81

CVEs mapped to this weakness (474)

page 2 of 24
  • CVE-2017-16128 · Critical · Jun 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.

  • CVE-2017-16127 · Critical · Jun 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    The module pandora-doomsday infects other modules. It's since been unpublished from the registry.

  • CVE-2017-0847 · Critical · Nov 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999.

  • CVE-2017-5642 · Critical · Apr 3, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.

  • CVE-2017-12763 · High · Aug 29, 2017
    risk 0.61 · cvss 8.8 · epss 0.04

    An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.

  • CVE-2006-5014 · High · Sep 27, 2006
    risk 0.61 · cvss 8.8 · epss 0.04

    Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.

  • CVE-2017-11741 · High · Aug 8, 2017
    risk 0.60 · cvss 8.8 · epss 0.01

    HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.

  • CVE-2024-55959 · Critical · Jan 21, 2025
    risk 0.59 · cvss 9.1 · epss 0.01

    Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.

  • CVE-2024-46505 · Critical · Jan 9, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.

  • CVE-2019-20457 · Critical · Nov 7, 2024
    risk 0.59 · cvss 9.1 · epss 0.01

    An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the…

  • CVE-2017-8625 · High · Aug 8, 2017
    risk 0.58 · cvss 8.8 · epss 0.15

    Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass…

  • CVE-2026-49157 · High · Jun 1, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin (low-privilege) web-login accounts access to Jolokia operations which…

  • CVE-2026-21765 · High · Apr 2, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.

  • CVE-2025-10314 · High · Feb 5, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation…

  • CVE-2021-47852 · High · Jan 21, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and…

  • CVE-2025-62577 · High · Oct 20, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.

  • CVE-2025-11535 · High · Oct 8, 2025
    risk 0.57 · epss 0.00

    MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24.

  • CVE-2025-57625 · High · Sep 16, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these issues to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM by replacing DataSpotliteAgent.exe or any other…

  • CVE-2024-13972 · High · Jul 17, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.

  • CVE-2024-38499 · High · Dec 17, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a…