Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CVEs (1,663)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-34314 1Ibm 1Cics Tx Nov 21, 2024 Nov 14, 2022 N/A· v4 3.3 LOW· v3 N/A· v2 IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450.
CVE-2022-45193 1Bruhn Newtech 1Cbrn Analysis Apr 29, 2025 Nov 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation.
CVE-2022-44746 1Acronis 1Cyber Protect Home Office Nov 21, 2024 Nov 7, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVE-2022-44733 1Acronis 1Cyber Protect Home Office Nov 21, 2024 Nov 7, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.
CVE-2022-44732 1Acronis 1Cyber Protect Home Office Nov 21, 2024 Nov 7, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.
CVE-2022-2188 1Mcafee 1Data Exchange Layer Nov 21, 2024 Nov 7, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-ser...Show more Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. Show less
CVE-2022-3258 1Hypr 1Workforce Access Nov 21, 2024 Nov 3, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse.
CVE-2022-32929 1Apple 2Ipados Iphone Os May 6, 2025 Nov 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.
CVE-2022-36122 1Automox 1Automox May 8, 2025 Oct 21, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 The Automox Agent before 40 on Windows incorrectly sets permissions on key files.
CVE-2022-22248 1Juniper 1Junos Os Evolved Nov 21, 2024 Oct 18, 2022 N/A· v4 7.3 HIGH· v3 N/A· v2 An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user t...Show more An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO.Show less
CVE-2022-26238 1Beckmancoulter 1Remisol Advance Nov 21, 2024 Oct 6, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows...Show more The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.Show less
CVE-2022-26236 1Beckmancoulter 1Remisol Advance Nov 21, 2024 Oct 6, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. Th...Show more The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.Show less
CVE-2022-39284 1Codeigniter 1Codeigniter Nov 21, 2024 Oct 6, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result coo...Show more CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to manually construct their cookies either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA.Show less
CVE-2022-2975 1Avaya 1Aura Application Enablement Services Nov 21, 2024 Oct 6, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the roo...Show more A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.Show less
CVE-2022-26240 1Beckmancoulter 1Remisol Advance Nov 21, 2024 Oct 6, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows...Show more The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.Show less
CVE-2022-26239 1Beckmancoulter 1Remisol Advance Nov 21, 2024 Oct 6, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows a...Show more The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.Show less
CVE-2022-26237 1Beckmancoulter 1Remisol Advance Nov 21, 2024 Oct 6, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows...Show more The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.Show less
CVE-2022-40756 1Actian 2Psql Zen May 20, 2025 Sep 30, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (...Show more If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database.Show less
CVE-2022-23726 1Pingidentity 1Pingcentral Nov 21, 2024 Sep 30, 2022 N/A· v4 4.9 MEDIUM· v3 N/A· v2 PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.
CVE-2020-15329 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.

Previous 1...323334...84 Next