Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2021-37306 Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via the API URI /sys/user/checkOnlyUser?username=admin.
network
low complexity
jeecg CWE-732
7.5
2023-02-01 CVE-2023-22326 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information.
network
low complexity
f5 CWE-732
4.9
2023-02-01 CVE-2022-42972 Incorrect Permission Assignment for Critical Resource vulnerability in Schneider-Electric products
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory.
local
low complexity
schneider-electric CWE-732
7.8
2023-01-27 CVE-2022-44715 Incorrect Permission Assignment for Critical Resource vulnerability in Netscout Ngeniusone 6.3.2
Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.
network
low complexity
netscout CWE-732
8.8
2023-01-26 CVE-2022-44263 Incorrect Permission Assignment for Critical Resource vulnerability in Dentsplysirona Sidexis 4.2/4.3
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control.
local
low complexity
dentsplysirona CWE-732
7.8
2023-01-26 CVE-2023-23610 Incorrect Permission Assignment for Critical Resource vulnerability in Glpi-Project Glpi
GLPI is a Free Asset and IT Management Software package.
network
low complexity
glpi-project CWE-732
6.5
2023-01-18 CVE-2023-22592 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Robotic Process Automation for Cloud PAK
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings.
local
low complexity
ibm CWE-732
7.8
2023-01-18 CVE-2022-34457 Incorrect Permission Assignment for Critical Resource vulnerability in Dell Command|Configure
Dell command configuration, version 4.8 and prior, contains improper folder permissions when installed to a non-default, non-secured path, which leads to privilege escalation.
local
low complexity
dell CWE-732
7.8
2023-01-13 CVE-2022-48257 Incorrect Permission Assignment for Critical Resource vulnerability in Eternal Terminal Project Eternal Terminal 6.2.1
In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.
network
low complexity
eternal-terminal-project CWE-732
5.3
2023-01-12 CVE-2022-39186 Incorrect Permission Assignment for Critical Resource vulnerability in Exfo Bv-10 Firmware
EXFO - BV-10 Performance Endpoint Unit misconfiguration.
local
low complexity
exfo CWE-732
5.5