Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2022-05-18 CVE-2022-30990 Incorrect Permission Assignment for Critical Resource vulnerability in Acronis Agent and Cyber Protect
Sensitive information disclosure due to insecure folder permissions.
network
low complexity
acronis CWE-732
7.5
7.5
2022-05-12 CVE-2022-25172 Incorrect Permission Assignment for Critical Resource vulnerability in Inhandnetworks Ir302 Firmware 3.5.4
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4.
network
low complexity
inhandnetworks CWE-732
6.1
6.1
2022-05-11 CVE-2022-23743 Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Zonealarm
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process.
local
low complexity
checkpoint CWE-732
7.8
7.8
2022-05-11 CVE-2021-44167 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Forticlient
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.
network
low complexity
fortinet CWE-732
7.5
7.5
2022-05-06 CVE-2021-27764 Incorrect Permission Assignment for Critical Resource vulnerability in Hcltech Bigfix Webui
Cookie without HTTPONLY flag set.
network
low complexity
hcltech CWE-732
6.5
6.5
2022-04-27 CVE-2022-24886 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform.
local
low complexity
nextcloud CWE-732
3.8
3.8
2022-04-20 CVE-2022-24872 Incorrect Permission Assignment for Critical Resource vulnerability in Shopware
Shopware is an open commerce platform based on Symfony Framework and Vue.
network
low complexity
shopware CWE-732
8.1
8.1
2022-04-20 CVE-2022-29527 Incorrect Permission Assignment for Critical Resource vulnerability in Amazon SSM Agent
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root.
local
high complexity
amazon CWE-732
7.0
7.0
2022-04-13 CVE-2022-22960 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.
local
low complexity
vmware CWE-732
7.8
7.8
2022-04-12 CVE-2022-23448 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1).
local
low complexity
siemens CWE-732
7.8
7.8