CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,309 vulnerabilities with CWE-284
CVE-2022-36856 MEDIUM
Android Telecom - Unauthenticated Emergency Call Initiation via Improper Access Control
CVSS 4.0
CVE-2022-36851 LOW
Samsung Pass < 4.0.03.1 - Unauthenticated Data Exposure via Unlocked Device State
CVSS 3.9
CVE-2022-20696 HIGH
Cisco SD-WAN vManage - Info Disclosure
CVSS 7.5
CVE-2022-36088 MEDIUM
GoCD <22.2.0 - Privilege Escalation
CVSS 5.0
CVE-2022-21950 MEDIUM
openSUSE Backports SLE-15-SP3/4 - Privilege Escalation
CVSS 5.3
CVE-2022-3065 HIGH
jgraph/drawio <20.2.8 - Info Disclosure
CVSS 7.5
CVE-2022-3019 HIGH
tooljet < 1.23.0 - Improper Access Control via Forgot Password Token
CVSS 8.8
CVE-2022-32834 MEDIUM
macOS - Unprotected User Data Exposure via Sandbox Bypass
CVSS 5.5
CVE-2022-2792 MEDIUM
Emerson Electric's Proficy Machine Edition < 9.0.0 - Improper Access Control in Project Data Directory
CVSS 6.6
CVE-2022-36263 HIGH
StreamLabs Desktop App <1.9.0 - Code Injection
CVSS 7.3
CVE-2022-36024 HIGH
py-cord <2.0.1 - DoS
CVSS 7.5
CVE-2022-34259 MEDIUM
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Security Feature Bypass
CVSS 5.3
CVE-2022-34255 HIGH
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Privilege Escalation
CVSS 8.8
CVE-2022-37393 HIGH
Zimbra zmslapd arbitrary module load
CVSS 7.8
CVE-2022-38184 HIGH
Portal for ArcGIS <10.8.1 - Info Disclosure
CVSS 7.5
CVE-2022-28754 HIGH
Zoom On-Premise Meeting Connector MMR <4.8.129.20220714 - Privilege...
CVSS 7.1
CVE-2022-28753 HIGH
Zoom On-Premise Meeting Connector MMR <4.8.129.20220714 - Privilege...
CVSS 7.1
CVE-2022-36923 HIGH
Zoho ManageEngine Firewall Analyzer - Unauthenticated API Key Exposure
CVSS 7.5
CVE-2022-20358 LOW
Android - Local Information Disclosure via Missing Permission Check in AbstractThreadedSyncAdapter
CVSS 3.3
CVE-2022-33931 MEDIUM
Dell Wyse Management Suite <3.6.1 - Info Disclosure
CVSS 6.3
CVE-2022-33926 HIGH
Dell Wyse Management Suite <3.6.1 - Info Disclosure
CVSS 7.1
CVE-2022-33925 MEDIUM
Dell Wyse Management Suite <3.6.1 - Auth Bypass
CVSS 6.5
CVE-2022-33924 MEDIUM
Dell Wyse Management Suite <3.6.1 - Privilege Escalation
CVSS 4.3
CVE-2022-2702 HIGH
Company Website CMS - Improper Access Control in Cookie Handler
CVSS 7.3
CVE-2022-27660 HIGH
TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 - Denial of Service via confctl_set_guest_wlan
CVSS 7.5
Details
Vulnerabilities 5,309