CWE-732 - Incorrect Permission Assignment for Critical Resource

Description

The software is used for allowing or prohibiting unintended users to read or modify security-critical resource. If the permission was given to more actors than it was needed, attackers can modify that resource and obtain potentially sensitive information. The weakness is the most dangerous when the resource is connected with configuration or execution of the programs or sensitive data and allows malicious users to modify and delete critical information from the target resource.
The vulnerabiity is introduced during Architecture and Design, Implementation, Installation, Operation stages.

Latest vulnerabilities for CWE-732

Incorrect permission assignment for critical resource in IBM Spectrum Symphony 2024-04-18
Low Yes

Incorrect permission assignment for critical resource in IBM Spectrum Conductor 2024-04-18
Low Yes

Incorrect permission assignment for critical resource in IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 2024-04-15
Low Yes

Multiple vulnerabilities in Siemens Telecontrol Server Basic 2024-04-15
High Yes

Multiple vulnerabilities in IBM Operational Decision Manager 2024-04-10
High Yes

Multiple vulnerabilities in NEC Aterm series 2024-04-05
Medium Yes

Multiple vulnerabilities in Apache Solr 2024-02-20
High Yes

Incorrect permission assignment for critical resource in QNAP Qsync Central 2024-02-05
Medium Yes

Multiple vulnerabilities in IBM Data Risk Manager 2024-01-31
High Yes

Multiple vulnerabilities in Rapid Software Rapid SCADA 2024-01-12
High No

References

Description of CWE-732 on Mitre website