CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,319 vulnerabilities with CWE-284
CVE-2021-22565 MEDIUM
Exposure Notification <V1.1.2 - Info Disclosure
CVSS 6.5
CVE-2021-42124 HIGH
Ivanti Avalanche < 6.3.3 - Session Takeover via Inforail Service
CVSS 8.8
CVE-2021-35245 HIGH
Serv-U Console - Privilege Escalation
CVSS 8.4
CVE-2021-26334 CRITICAL
AMD Prof < 3.4.494 - Privilege Escalation via AMDPowerProfiler.sys Driver
CVSS 9.9
CVE-2021-3992 MEDIUM
kimai2 < 1.16.2 - Improper Access Control
CVSS 6.5
CVE-2021-4026 MEDIUM
BookStack < 21.11.2 - Improper Access Control
CVSS 4.3
CVE-2021-42116 MEDIUM
TopEase <= 7.1.27 - Authenticated Incorrect Access Control via Shape Editor and Settings
CVSS 4.3
CVE-2021-36917 MEDIUM
Hide My WP < 6.2.3 - Unauthenticated Plugin Deactivation via Reset Token
CVSS 6.5
CVE-2021-3554 CRITICAL
Bitdefender <6.6.27.390, <7.1.2.33, <6.2.21.160 - Info Disclosure
CVSS 9.0
CVE-2021-40130 MEDIUM
Cisco Common Services Platform Collector < 2.9.1.1 - Authenticated Arbitrary File Read via Syslog Configuration
CVSS 4.9
CVE-2021-36909 HIGH
WP Reset PRO <= 5.98 - Authenticated Database Reset
CVSS 8.8
CVE-2021-42360 HIGH
Starter Templates < 2.7.0 - Authenticated Arbitrary Post Overwrite via astra-page-elementor-batch-process AJAX Action
CVSS 7.6
CVE-2021-35528 HIGH
Hitachi Energy Retail Ops <5.7.3 - RCE
CVSS 7.2
CVE-2021-24853 MEDIUM
QR Redirector < 1.6 - Authenticated Improper Access Control via qr_save_bulk AJAX Action
CVSS 4.3
CVE-2021-26338 HIGH
AMD EPYC 7002 Series Firmware < romepi-sp3_1.0.0.c - Improper Access Control in System Management Unit
CVSS 7.5
CVE-2021-3062 HIGH
PAN-OS <8.1.20, <9.1.11 - Privilege Escalation
CVSS 8.1
CVE-2021-24816 MEDIUM
Phoenix Media Rename <3.4.4 - Privilege Escalation
CVSS 4.3
CVE-2021-24801 MEDIUM
WP Survey Plus < 1.0 - Unauthenticated Survey Manipulation and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-24698 MEDIUM
Simple Download Monitor <3.9.6 - Info Disclosure
CVSS 4.3
CVE-2021-42359 HIGH
WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion via admin-dismiss-unsubscribe AJAX Action
CVSS 7.5
CVE-2021-25501 MEDIUM
SCloudBnRReceiver <SMR Nov-2021 Release 1 - Privilege Escalation
CVSS 5.7
CVE-2021-40113 CRITICAL
Cisco Catalyst PON Series Switches ONT Firmware - Unauthenticated Improper Access Control
CVSS 10.0
CVE-2021-40112 CRITICAL
Cisco Catalyst PON Series Switches ONT Firmware - Unauthenticated Improper Access Control
CVSS 10.0
CVE-2021-34795 CRITICAL
Cisco Catalyst PON Series Switches ONT Firmware - Unauthenticated Improper Access Control
CVSS 10.0
CVE-2021-39333 HIGH
Hashthemes Demo Importer <= 1.1.1 - Authenticated Database Truncation and File Deletion via AJAX Functions
CVSS 8.1