Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-06-23 CVE-2023-29860 Incorrect Permission Assignment for Critical Resource vulnerability in Dtstack Taier 1.3.0
Insecure permissions in the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method.
network
low complexity
dtstack CWE-732
7.5
2023-06-20 CVE-2023-26427 Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite Backend
Default permissions for a properties file were too permissive.
local
low complexity
open-xchange CWE-732
3.3
2023-06-16 CVE-2023-34154 Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Harmonyos
Vulnerability of undefined permissions in HUAWEI VR screen projection. Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.
network
low complexity
huawei CWE-732
8.2
2023-06-15 CVE-2023-34797 Incorrect Permission Assignment for Critical Resource vulnerability in Temenos CWX 8.5.6
Broken access control in the Registration page (/Registration.aspx) of Temenos CWX v8.5.6 allows attackers to access sensitive information.
network
low complexity
temenos CWE-732
5.4
2023-06-15 CVE-2022-33163 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Directory Suite VA 8.0.1
IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network
low complexity
ibm CWE-732
8.1
2023-06-14 CVE-2023-35147 Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins AWS Codecommit Trigger 3.0.12
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.
network
low complexity
jenkins CWE-732
6.5
2023-06-13 CVE-2023-33695 Incorrect Permission Assignment for Critical Resource vulnerability in Hutool
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.
local
low complexity
hutool CWE-732
7.1
2023-06-13 CVE-2023-30897 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Wincc
A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13).
local
low complexity
siemens CWE-732
7.8
2023-06-13 CVE-2023-31238 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Q200 Firmware
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60).
network
high complexity
siemens CWE-732
4.8
2023-06-13 CVE-2023-2876 Incorrect Permission Assignment for Critical Resource vulnerability in ABB products
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
network
low complexity
abb CWE-732
6.1