Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2024-22234 HIGH

Spring Security <6.1.7 & <6.2.2 - Info Disclosure

CVE-2024-25981 MEDIUM

moodle 4.1.0-4.1.8, 4.3.0-4.3.2 - Improper Access Control in Forum Export

CVE-2024-25980 MEDIUM

moodle 4.1.0-4.1.8, 4.3.0-4.3.2 - Improper Access Control in H5P Attempts Report

CVE-2024-1343 MEDIUM

LaborOfficeFree 19.10 - Authenticated Improper Access Control in Backup Directory

CVE-2024-20951 MEDIUM

Oracle Customer Interaction History 12.2.3-12.2.13 - Unauthenticated Improper Access Control in Outcome-Result Component

CVE-2024-20931 HIGH

Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Unauthorized Data Access via T3/IIOP

CVE-2024-20929 MEDIUM

Oracle Application Object Library 12.2.3-12.2.13 - Unauthenticated Improper Access Control via DB Privileges

CVE-2024-20927 HIGH

Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Improper Access Control via HTTP

CVE-2024-20911 LOW

Oracle Audit Vault and Database Firewall 20.1-20.9 - Unauthorized Data Access via Firewall Component

CVE-2024-0036 HIGH

Android - Local Privilege Escalation via ActivityTaskManagerService Logic Error

CVE-2024-0032 MEDIUM

Android - Local Privilege Escalation via Improper Directory Access Control

CVE-2024-24386 HIGH

VitalPBX 3.2.4-5 - Arbitrary Code Execution via Scripts Folder

CVE-2024-24300 CRITICAL

4ipnet EAP-767 v3.42.00 - Improper Access Control via Static Session Cookie

CVE-2024-25121 HIGH

TYPO3 8.0.0-8.7.56 - Authenticated Improper Access Control in File Abstraction Layer

CVE-2024-25120 MEDIUM

TYPO3 Core - Unauthorized Resource Access via t3:// URI Scheme

CVE-2024-24751 MEDIUM

sf_event_mgt 7.0.0-7.3.9 - Improper Access Control in Backend Module

CVE-2024-21401 CRITICAL

Microsoft Entra Jira Single-Sign-On Plugin < 1.1.2 - Elevation of Privilege

CVE-2024-21376 CRITICAL

Azure Kubernetes Service - Remote Code Execution in Confidential Container

CVE-2024-21364 CRITICAL

Microsoft Azure Site Recovery - Elevation of Privilege

CVE-2024-20695 MEDIUM

Skype for Business - Info Disclosure

CVE-2024-1439 MEDIUM

Moodle < 4.2.11 - Improper Access Control

CVE-2024-24776 LOW

Mattermost < 8.1.7 and 8.1.8 - Unauthenticated Channel Member Count Leak via API

CVE-2024-25677 HIGH

Min < 1.31.0 - Improper Access Control via Local File Origin Handling

CVE-2024-25106 CRITICAL

OpenObserve < 0.8.0 - Authenticated Unauthorized User Removal via /api/{org_id}/users/{email_id} Endpoint

CVE-2024-24830 CRITICAL

OpenObserve < 0.8.0 - Authenticated Privilege Escalation via User Creation Endpoint

Previous Page 113 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy