CWE · MITRE source
CWE-281Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
PS-5 | Personnel Transfer | PS | Forces removal or modification of permissions no longer required after reassignment, preventing improper preservation of old access rights. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2017-8543 KEV | 9.1 | 9.8 | 0.8514 | 2017-06-15 |
CVE-2024-46310 | 6.8 | 9.1 | 0.8300 | 2025-01-13 |
CVE-2021-33990 | 5.9 | 9.8 | 0.6638 | 2023-04-16 |
CVE-2023-34034 | 4.7 | 9.1 | 0.4791 | 2023-07-19 |
CVE-2022-1227 | 3.8 | 8.8 | 0.3372 | 2022-04-29 |
CVE-2017-8589 | 3.7 | 9.8 | 0.2839 | 2017-07-11 |
CVE-2017-8563 | 2.7 | 8.1 | 0.1792 | 2017-07-11 |
CVE-2022-38577 | 2.6 | 8.8 | 0.1404 | 2022-09-19 |
CVE-2017-8578 | 2.3 | 7.8 | 0.1207 | 2017-07-11 |
CVE-2023-47463 | 2.2 | 9.8 | 0.0446 | 2023-11-30 |
CVE-2024-54880 | 2.2 | 9.1 | 0.0552 | 2025-01-06 |
CVE-2020-36070 | 2.1 | 9.8 | 0.0256 | 2023-04-26 |
CVE-2024-54879 | 2.1 | 9.1 | 0.0429 | 2025-01-06 |
CVE-2017-8465 | 2.0 | 7.8 | 0.0699 | 2017-06-15 |
CVE-2018-4115 | 2.0 | 9.8 | 0.0116 | 2018-04-03 |
CVE-2019-0233 | 2.0 | 7.5 | 0.0778 | 2020-09-14 |
CVE-2020-18890 | 2.0 | 9.8 | 0.0064 | 2021-05-06 |
CVE-2021-32465 | 2.0 | 8.8 | 0.0344 | 2021-08-04 |
CVE-2021-29971 | 2.0 | 9.8 | 0.0041 | 2021-08-05 |
CVE-2023-28668 | 2.0 | 9.8 | 0.0080 | 2023-04-02 |
CVE-2024-36532 | 2.0 | 10.0 | 0.0013 | 2024-06-21 |
CVE-2024-41644 | 2.0 | 9.8 | 0.0015 | 2024-12-06 |
CVE-2024-41645 | 2.0 | 9.8 | 0.0015 | 2024-12-06 |
CVE-2024-41646 | 2.0 | 9.8 | 0.0015 | 2024-12-06 |
CVE-2024-41648 | 2.0 | 9.8 | 0.0013 | 2024-12-06 |