CWE-274 41 個 CVE MITRE 定義 ↗

CWE-274:Improper Handling of Insufficient Privileges

概覽

CWE-274(Improper Handling of Insufficient Privileges)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2025-54511 2026-05-14 Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data…
CVE-2026-33005 2026-04-09 Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (meta…
CVE-2025-62175 2025-10-13 Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from th…
CVE-2023-20516 2025-09-06 Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity.
CVE-2025-29365 2025-08-22 spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.
CVE-2025-31275 2025-07-29 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to launch any installed app.
CVE-2025-20177 2025-03-12 A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affecte…
CVE-2024-46974 2025-01-30 Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.
CVE-2025-20156 2025-01-22 A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulne…
CVE-2024-12666 2024-12-16 A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component U…
CVE-2024-0106 2024-11-01 NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful expl…
CVE-2024-0105 2024-11-01 NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of se…
CVE-2024-41942 2024-08-08 JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own…
CVE-2024-20324 2024-03-27 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due …
CVE-2024-21648 2024-01-08 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of…
CVE-2023-39375 2023-09-27 SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
CVE-2023-32494 2023-08-16 Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to eleva…
CVE-2023-35928 2023-06-23 Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server…
CVE-2022-45101 2023-02-01 Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability,…
CVE-2022-0668 2023-01-08 JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.

曾用名

  • Insufficient Privileges (2008-04-11)
  • Failure to Handle Insufficient Privileges (2009-05-27)

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Description, Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2009-03-10 CWE Content Team 1.3 updated Maintenance_Notes, Theoretical_Notes
2009-05-27 CWE Content Team 1.4 updated Description, Name
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships
2021-03-15 CWE Content Team 4.4 updated Relationship_Notes, Theoretical_Notes
2023-01-31 CWE Content Team 4.10 updated Description, Relationships, Theoretical_Notes
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-02-29 CWE Content Team 4.14 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Relationships
cvelogic Threat Intelligence