CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,319 vulnerabilities with CWE-284
CVE-2021-22565
MEDIUM
Exposure Notification <V1.1.2 - Info Disclosure
CVSS 6.5
CVE-2021-42124
HIGH
Ivanti Avalanche < 6.3.3 - Session Takeover via Inforail Service
CVSS 8.8
CVE-2021-35245
HIGH
Serv-U Console - Privilege Escalation
CVSS 8.4
CVE-2021-26334
CRITICAL
AMD Prof < 3.4.494 - Privilege Escalation via AMDPowerProfiler.sys Driver
CVSS 9.9
CVE-2021-3992
MEDIUM
kimai2 < 1.16.2 - Improper Access Control
CVSS 6.5
CVE-2021-4026
MEDIUM
BookStack < 21.11.2 - Improper Access Control
CVSS 4.3
CVE-2021-42116
MEDIUM
TopEase <= 7.1.27 - Authenticated Incorrect Access Control via Shape Editor and Settings
CVSS 4.3
CVE-2021-36917
MEDIUM
Hide My WP < 6.2.3 - Unauthenticated Plugin Deactivation via Reset Token
CVSS 6.5
CVE-2021-3554
CRITICAL
Bitdefender <6.6.27.390, <7.1.2.33, <6.2.21.160 - Info Disclosure
CVSS 9.0
CVE-2021-40130
MEDIUM
Cisco Common Services Platform Collector < 2.9.1.1 - Authenticated Arbitrary File Read via Syslog Configuration
CVSS 4.9
CVE-2021-36909
HIGH
WP Reset PRO <= 5.98 - Authenticated Database Reset
CVSS 8.8
CVE-2021-42360
HIGH
Starter Templates < 2.7.0 - Authenticated Arbitrary Post Overwrite via astra-page-elementor-batch-process AJAX Action
CVSS 7.6
CVE-2021-35528
HIGH
Hitachi Energy Retail Ops <5.7.3 - RCE
CVSS 7.2
CVE-2021-24853
MEDIUM
QR Redirector < 1.6 - Authenticated Improper Access Control via qr_save_bulk AJAX Action
CVSS 4.3
CVE-2021-26338
HIGH
AMD EPYC 7002 Series Firmware < romepi-sp3_1.0.0.c - Improper Access Control in System Management Unit
CVSS 7.5
CVE-2021-3062
HIGH
PAN-OS <8.1.20, <9.1.11 - Privilege Escalation
CVSS 8.1
CVE-2021-24816
MEDIUM
Phoenix Media Rename <3.4.4 - Privilege Escalation
CVSS 4.3
CVE-2021-24801
MEDIUM
WP Survey Plus < 1.0 - Unauthenticated Survey Manipulation and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-24698
MEDIUM
Simple Download Monitor <3.9.6 - Info Disclosure
CVSS 4.3
CVE-2021-42359
HIGH
WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion via admin-dismiss-unsubscribe AJAX Action
CVSS 7.5
CVE-2021-25501
MEDIUM
SCloudBnRReceiver <SMR Nov-2021 Release 1 - Privilege Escalation
CVSS 5.7
CVE-2021-40113
CRITICAL
Cisco Catalyst PON Series Switches ONT Firmware - Unauthenticated Improper Access Control
CVSS 10.0
CVE-2021-40112
CRITICAL
Cisco Catalyst PON Series Switches ONT Firmware - Unauthenticated Improper Access Control
CVSS 10.0
CVE-2021-34795
CRITICAL
Cisco Catalyst PON Series Switches ONT Firmware - Unauthenticated Improper Access Control
CVSS 10.0
CVE-2021-39333
HIGH
Hashthemes Demo Importer <= 1.1.1 - Authenticated Database Truncation and File Deletion via AJAX Functions
CVSS 8.1