CVE-2023-28724

HIGH Year: 2023
CVSS v3 Score
7.1
High
Weakness Type
CWE-276
View all →

Vulnerability Description

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related Vulnerabilities

CVE-2017-12699

HIGH
CVSS:7.1(High)

An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with ma...

CWE-2762017

CVE-2017-1382

HIGH
CVSS:7.1(High)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker co...

CWE-2762017

CVE-2019-3688

HIGH
CVSS:7.1(High)

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had...

CWE-2762019

CVE-2019-5687

HIGH
CVSS:7.1(High)

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an obje...

CWE-2762019

CVE-2020-36611

HIGH
CVSS:7.1(High)

Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi ...

CWE-2762020

CVE-2020-36652

HIGH
CVSS:7.1(High)

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server...

CWE-2762020