CWE-269 - Improper Privilege Management

Home/CWEs/CWE info/

CWE-269 Medium

Abstraction:
Class

Structure:
Simple

Status:
Draft

Weakness Name: Improper Privilege Management

Description: The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Common Consequences: Scope: Access Control
Impact: Gain Privileges or Assume Identity

Related Weaknesses: CWE-284Improper Access Control

Release Date:
2006-07-19

Latest Modification Date:
2024-07-16

Latest Security News

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

CWE top 25 most dangerous software weaknesses

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Common Alerts

InformationalGET for POST

MediumX-Frame-Options Defined via META (Non-compliant with Spec)

LowStrict-Transport-Security Missing Max-Age (Non-compliant with Spec)

InformationalUser Controllable Charset

InformationalCross Site Scripting (Persistent) - Spider

InformationalGraphQL Endpoint Supports Introspection

HighSQL Injection - SQLite

LowStrict-Transport-Security Multiple Header Entries (Non-compliant with Spec)

MediumCross-Domain Misconfiguration

LowStrict-Transport-Security Malformed Content (Non-compliant with Spec)

Latest CVE List

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

Common CWEs

CWE-533 DEPRECATED: Information Exposure Through Server Log Files

CWE-1235 Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations

HighCWE-311 Missing Encryption of Sensitive Data

CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

CWE-158 Improper Neutralization of Null Byte or NUL Character

CWE-1221 Incorrect Register Defaults or Module Parameters

CWE-706 Use of Incorrectly-Resolved Name or Reference

CWE-144 Improper Neutralization of Line Delimiters

CWE-106 Struts: Plug-in Framework not in Use

CWE-1280 Access Control Check Implemented After Asset is Accessed

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-269 - Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.