Description
The product does not properly manage a user within its environment.
Extended Description
Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.
CVE vulnerabilities with CWE-286 (30)
9.8
CVSS
CRITICAL
CVE-2023-26689
pub. 2024-09-25
9.5
CVSS
CRITICAL
CVE-2024-48853
pub. 2025-05-22
8.7
CVSS
HIGH
CVE-2026-35638
pub. 2026-04-09
8.4
CVSS
HIGH
CVE-2025-7972
pub. 2025-08-14
8.2
CVSS
HIGH
CVE-2023-3932
pub. 2023-08-03
8.1
CVSS
HIGH
CVE-2025-59943
pub. 2025-10-03
8.0
CVSS
HIGH
CVE-2024-28020
pub. 2024-06-11
7.8
CVSS
HIGH
CVE-2023-25519
pub. 2023-09-12
7.5
CVSS
HIGH
CVE-2024-9312
pub. 2024-10-10
7.5
CVSS
HIGH
CVE-2022-35503
pub. 2024-04-22
7.3
CVSS
HIGH
CVE-2024-58105
pub. 2025-03-25
7.3
CVSS
HIGH
CVE-2021-21553
pub. 2021-08-03
7.1
CVSS
HIGH
CVE-2023-20253
pub. 2023-09-27
6.8
CVSS
MEDIUM
CVE-2024-27269
pub. 2024-05-14
6.5
CVSS
MEDIUM
CVE-2025-63563
pub. 2025-10-31
6.5
CVSS
MEDIUM
CVE-2022-45857
pub. 2023-01-05
6.5
CVSS
MEDIUM
CVE-2022-32260
pub. 2022-06-14
6.2
CVSS
MEDIUM
CVE-2024-46671
pub. 2025-04-08
5.9
CVSS
MEDIUM
CVE-2023-0857
pub. 2023-05-11
5.9
CVSS
MEDIUM
CVE-2021-26262
pub. 2021-11-19
Showing 20 of 30 vulnerabilities