CWE · MITRE source
CWE-281Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Last updated: 20 May 2026 08:06 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
PS-5 | Personnel Transfer | PS | Forces removal or modification of permissions no longer required after reassignment, preventing improper preservation of old access rights. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2017-8543 KEV UPD | 9.1 | 9.8 | 0.8514 | 2017-06-15 |
CVE-2024-46310 | 6.8 | 9.1 | 0.8300 | 2025-01-13 |
CVE-2021-33990 | 5.9 | 9.8 | 0.6638 | 2023-04-16 |
CVE-2023-34034 | 4.8 | 9.1 | 0.4929 | 2023-07-19 |
CVE-2022-1227 | 3.8 | 8.8 | 0.3372 | 2022-04-29 |
CVE-2017-8589 UPD | 3.7 | 9.8 | 0.2839 | 2017-07-11 |
CVE-2017-8563 UPD | 2.7 | 8.1 | 0.1792 | 2017-07-11 |
CVE-2022-38577 | 2.6 | 8.8 | 0.1404 | 2022-09-19 |
CVE-2017-8578 UPD | 2.3 | 7.8 | 0.1207 | 2017-07-11 |
CVE-2023-47463 | 2.2 | 9.8 | 0.0446 | 2023-11-30 |
CVE-2024-54880 | 2.2 | 9.1 | 0.0552 | 2025-01-06 |
CVE-2020-36070 | 2.1 | 9.8 | 0.0291 | 2023-04-26 |
CVE-2024-54879 | 2.1 | 9.1 | 0.0429 | 2025-01-06 |
CVE-2017-8465 UPD | 2.0 | 7.8 | 0.0699 | 2017-06-15 |
CVE-2018-4115 | 2.0 | 9.8 | 0.0116 | 2018-04-03 |
CVE-2019-0233 | 2.0 | 7.5 | 0.0778 | 2020-09-14 |
CVE-2020-18890 | 2.0 | 9.8 | 0.0064 | 2021-05-06 |
CVE-2021-32465 | 2.0 | 8.8 | 0.0344 | 2021-08-04 |
CVE-2021-29971 | 2.0 | 9.8 | 0.0041 | 2021-08-05 |
CVE-2023-28668 | 2.0 | 9.8 | 0.0080 | 2023-04-02 |
CVE-2024-36532 | 2.0 | 10.0 | 0.0013 | 2024-06-21 |
CVE-2024-41644 | 2.0 | 9.8 | 0.0015 | 2024-12-06 |
CVE-2024-41645 | 2.0 | 9.8 | 0.0015 | 2024-12-06 |
CVE-2024-41646 | 2.0 | 9.8 | 0.0015 | 2024-12-06 |
CVE-2024-41648 | 2.0 | 9.8 | 0.0013 | 2024-12-06 |