CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,319 vulnerabilities with CWE-284
CVE-2021-34627
MEDIUM
WP Upload Restriction < 2.2.3 - Authenticated Information Disclosure via getSelectedMimeTypesByRole
CVSS 4.3
CVE-2021-34626
MEDIUM
WP Upload Restriction < 2.2.3 - Authenticated Custom Extension Deletion via deleteCustomType
CVSS 4.3
CVE-2021-28579
MEDIUM
Adobe Connect < 11.2.2 - Improper Access Control
CVSS 4.3
CVE-2021-21083
HIGH
AEM <6.5.7.0, <6.4.8.3, <6.3.3.8 - DoS
CVSS 7.5
CVE-2021-23845
HIGH
Bosch B426/B426-CN/B429-CN/B426-M Firmware < 03.08/03.10 - Session Hijacking via Configuration Web Page
CVSS 8.0
CVE-2021-24359
MEDIUM
The Plus Addons for Elementor Page Builder < 4.1.11 - Improper Access Control in Password Reset
CVSS 5.3
CVE-2021-25412
HIGH
GenericSSOService <SMR JUN-2021 Release 1 - Privilege Escalation
CVSS 7.8
CVE-2021-25405
MEDIUM
Samsung Notes <4.2.04.27 - Info Disclosure
CVSS 5.5
CVE-2021-32656
HIGH
Nextcloud Server <19.0.11-21.0.2 - Info Disclosure
CVSS 8.6
CVE-2021-32652
HIGH
Nextcloud Mail <1.4.3, <1.8.2 - Info Disclosure
CVSS 8.8
CVE-2021-24318
MEDIUM
Listeo < 1.6.11 - Authenticated Arbitrary Post/Page and Booking Deletion via IDOR
CVSS 6.5
CVE-2021-22907
HIGH
Citrix Workspace App for Windows < 2105 and 1912 LTSR < CU4 - Privilege Escalation
CVSS 7.8
CVE-2021-28798
HIGH
QNAP QTS 4.3.2.0144-4.3.3.1624 and QuTS hero < h4.5.2.1638 - Relative Path Traversal
CVSS 8.8
CVE-2021-1515
MEDIUM
Cisco SD-WAN vManage < 20.4.1 - Unauthenticated Sensitive Information Exposure via API Endpoint
CVSS 4.3
CVE-2021-1478
MEDIUM
Cisco Unified Communications Manager < 12.6 - Authenticated Denial of Service via JMX Port Access
CVSS 5.3
CVE-2021-1284
HIGH
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 & vManage <20.3.1 - Authentication Bypass
CVSS 8.8
CVE-2021-1477
MEDIUM
Cisco Secure Firewall Management Center < 6.4.0.12 - Authenticated Improper Access Control
CVSS 4.3
CVE-2021-22682
HIGH
Cscape <9.90 SP4 - Privilege Escalation
CVSS 7.8
CVE-2021-26909
LOW
Automox Agent < 31 - Unauthenticated Sensitive Information Exposure via S3 Bucket Endpoint
CVSS 3.7
CVE-2021-24238
MEDIUM
Findeo and Realteo < 1.3.1 and < 1.2.4 - Authenticated Arbitrary Property Deletion via property_id Parameter
CVSS 6.5
CVE-2021-0232
HIGH
Juniper Paragon Active Assurance Control Center < 2.35.6 - Improper Access Control
CVSS 7.4
CVE-2021-27258
CRITICAL
SolarWinds Orion Platform 2020.2 - Privilege Escalation
CVSS 9.8
CVE-2021-21399
CRITICAL
Ampache < 4.4.1 - Unauthenticated Access Control Bypass via Subsonic API
CVSS 9.1
CVE-2021-27598
MEDIUM
SAP NetWeaver AS JAVA - Info Disclosure
CVSS 5.3
CVE-2021-24219
MEDIUM
Thrivethemes Focusblog < 2.0.0 - Improper Access Control
CVSS 5.3