Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2025-02-04 CVE-2024-45657 IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
local
high complexity
CWE-732
5.0
2025-01-19 CVE-2024-38337 IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.
network
low complexity
CWE-732
critical
9.1
2025-01-14 CVE-2024-11497 An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.
network
low complexity
CWE-732
8.8
2025-01-06 CVE-2024-47475 Incorrect Permission Assignment for Critical Resource vulnerability in Dell Powerscale Onefs
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability.
local
low complexity
dell CWE-732
5.5
2024-12-31 CVE-2024-45497 A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod.
network
low complexity
CWE-732
7.6
2024-12-18 CVE-2024-47104 IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file.
network
high complexity
CWE-732
6.8
2024-12-06 CVE-2024-11220 Incorrect Permission Assignment for Critical Resource vulnerability in Openautomationsoftware Open Automation Software
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself.
local
low complexity
openautomationsoftware CWE-732
7.8
2024-11-13 CVE-2024-36276 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Computing Improvement Program
Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
2024-11-13 CVE-2024-36294 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Driver & Support Assistant
Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
2024-11-12 CVE-2024-9842 Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Secure Access Client
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
local
low complexity
ivanti CWE-732
3.3