Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2021-05-21 CVE-2021-31475 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion JOB Scheduler 2020.2.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2.
network
low complexity
solarwinds CWE-732
8.8
8.8
2021-05-19 CVE-2017-17677 Incorrect Permission Assignment for Critical Resource vulnerability in BMC Remedy Mid-Tier 9.1
BMC Remedy 9.1SP3 is affected by authenticated code execution.
network
low complexity
bmc CWE-732
8.8
8.8
2021-05-18 CVE-2021-22117 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Rabbitmq
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.
local
low complexity
vmware CWE-732
7.8
7.8
2021-05-13 CVE-2021-20996 Incorrect Permission Assignment for Critical Resource vulnerability in Wago products
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.
network
low complexity
wago CWE-732
5.3
5.3
2021-05-11 CVE-2021-31167 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft products
Windows Container Manager Service Elevation of Privilege Vulnerability
local
low complexity
microsoft CWE-732
7.8
7.8
2021-05-11 CVE-2021-31902 Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.
network
low complexity
jetbrains CWE-732
7.5
7.5
2021-05-11 CVE-2021-31907 Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
network
low complexity
jetbrains CWE-732
5.3
5.3
2021-05-10 CVE-2021-32056 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
network
low complexity
cyrus fedoraproject CWE-732
4.3
4.3
2021-05-07 CVE-2021-32101 Incorrect Permission Assignment for Critical Resource vulnerability in Open-Emr Openemr 5.0.2.1
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php.
network
low complexity
open-emr CWE-732
8.2
8.2
2021-05-06 CVE-2021-31918 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openstack 16.1
A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1.
network
low complexity
redhat CWE-732
7.5
7.5