CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,311 vulnerabilities with CWE-284
CVE-2022-2088 MEDIUM
Elcomplus SmartICS 2.3.4.0 - Authenticated Arbitrary Process Termination
CVSS 6.8
CVE-2022-2103 CRITICAL
SEPCO Control and Protection Relay Firmware 1.23.0-1.23.21 - Unauthenticated Sensitive File Read and RCE via FTP
CVSS 9.8
CVE-2022-1521 CRITICAL
Illumina Local Run Manager 1.3-3.1 - Unauthenticated Improper Access Control
CVSS 9.1
CVE-2022-27511 HIGH
Citrix Application Delivery Management < 13.0-85.19 - Unauthenticated Administrator Password Reset via SSH
CVSS 8.1
CVE-2022-28612 MEDIUM
Muneeb's Custom Popup Builder <=1.3.1 - XSS
CVSS 5.4
CVE-2022-32158 CRITICAL
Splunk < 9.0 - Unauthenticated Arbitrary Code Execution via Deployment Server
CVSS 9.0
CVE-2022-1958 MEDIUM
FileCloud <21.3.5.18513 - Info Disclosure
CVSS 6.3
CVE-2022-32256 MEDIUM
SINEMA Remote Connect Server < 3.1 - Improper Access Control
CVSS 4.3
CVE-2022-32255 MEDIUM
SINEMA Remote Connect Server < 3.1 - Unauthorized Information Access via Improper Access Control
CVSS 5.3
CVE-2022-31055 HIGH
google/kctf < 1.6.0 - Improper Access Control via set-src-ip-ranges
CVSS 7.5
CVE-2022-1659 MEDIUM
JupiterX Core <= 2.0.6 - Improper Access Control via jupiterx_conditional_manager AJAX Action
CVSS 5.4
CVE-2022-1658 MEDIUM
Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion via abb_remove_plugin AJAX Action
CVSS 5.4
CVE-2022-1656 MEDIUM
JupiterX Theme and JupiterX Core Plugin <= 2.0.6 - Authenticated Privilege Escalation via AJAX API Function Access
CVSS 5.4
CVE-2022-30745 MEDIUM
Quick Share <13.1.2.4 - Info Disclosure
CVSS 4.0
CVE-2022-30715 MEDIUM
DofViewer <SMR Jun-2022 Release 1 - Info Disclosure
CVSS 4.0
CVE-2022-31024 MEDIUM
Nextcloud Collabora <6.0.0, <5.0.4, <4.2.6 - Info Disclosure
CVSS 6.5
CVE-2022-1261 MEDIUM
Honeywell Matrikon OPC Server - Privilege Escalation via IPersistFile Function
CVSS 5.8
CVE-2022-29160 LOW
Nextcloud Android <3.19.0 - Info Disclosure
CVSS 2.8
CVE-2022-28184 HIGH
NVIDIA GPU Display Driver - Improper Access Control in Kernel Mode Layer Handler
CVSS 7.1
CVE-2022-1753 MEDIUM
wowonder - Improper Access Control via group_id Parameter in requests.php
CVSS 5.4
CVE-2022-1553 MEDIUM
Publify < 9.2.8 - Unauthenticated Password-Protected Article Content Disclosure
CVSS 4.9
CVE-2022-0574 MEDIUM
GitHub publify/publify <9.2.8 - Info Disclosure
CVSS 6.5
CVE-2022-22282 CRITICAL
SonicWall SMA1000 - Improper Access Control
CVSS 9.8
CVE-2022-21182 HIGH
InHand Networks InRouter302 Firmware < 3.5.4 - Privilege Escalation via Router Configuration Import
CVSS 8.8
CVE-2022-26926 HIGH
Windows Address Book - Remote Code Execution
CVSS 7.8