CWE-276 - Incorrect Default Permissions

Description

The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. The weakness is introduced during Architecture and Design, Implementation, Installation, Operation stages.

Latest vulnerabilities for CWE-276

Multiple vulnerabilities in Microsoft AutoUpdate (MAU) 2025-04-09
Low Yes

Multiple vulnerabilities in AMD Ryzen AI Software 2025-04-04
Low Yes

APEX Cloud Platform for Microsoft Azure update for third-party components 2025-03-31
High Yes Public exploit

Privilege escalation in Nessus Agent for Windows 2025-03-21
Low Yes

Multiple vulnerabilities in IBM DataStage on Cloud Pak for Data 2025-03-19
High Yes Public exploit

Multiple vulnerabilities in RemoteView Agent for Windows 2025-03-06
Low Yes

Incorrect default permissions in AMD DASH CLI 2025-02-20
Low Yes

Multiple vulnerabilities in AMD Integrated Management Technology (AIM-T) 2025-02-20
Low Yes

Multiple vulnerabilities in Intel GPA and Intel GPA Framework Software 2025-02-14
Low Yes

Multiple vulnerabilities in IBM Cloud Pak for AIOps 2025-02-13
High Yes Public exploit

References

Description of CWE-276 on Mitre website