CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,319 vulnerabilities with CWE-284
CVE-2021-24215 CRITICAL
Controlled Admin Access < 1.5.2 - Unauthenticated Improper Access Control
CVSS 9.8
CVE-2021-24198 HIGH
wpDataTables < 3.4.2 - Authenticated Improper Access Control via id_key and id_val Parameters
CVSS 8.1
CVE-2021-24197 HIGH
wpDataTables < 3.4.2 - Authenticated Improper Access Control via formdata[wdt_ID] Parameter
CVSS 8.1
CVE-2021-25359 MEDIUM
SELinux <SMR APR-2021 Release 1 - Info Disclosure
CVSS 4.0
CVE-2021-21431 HIGH
sopel-channelmgnt < 2.0.1 - Improper Access Control via Multi-User Kick Command
CVSS 7.6
CVE-2021-1467 MEDIUM
Cisco Webex Meetings for Android < 41.3 - Authenticated Avatar Modification via Improper Authorization
CVSS 4.3
CVE-2021-21425 CRITICAL
Grav Admin Plugin < 1.10.8 - Unauthenticated Arbitrary YAML Write via Administrator Controller
CVSS 9.3
CVE-2021-27653 MEDIUM
Pega platform <8.5.x - Info Disclosure
CVSS 6.6
CVE-2021-25349 MEDIUM
Slow Motion Editor <3.5.18.5 - Command Injection
CVSS 5.5
CVE-2021-1449 MEDIUM
Cisco Aironet Access Point Software - Authenticated Unsigned Code Execution via Boot Logic Bypass
CVSS 6.7
CVE-2021-24146 HIGH
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Information Disclosure via Export Function
CVSS 7.5
CVE-2021-25672 HIGH
Mendix Forgot Password < 3.2.1 - Improper Access Control
CVSS 8.8
CVE-2021-25340 MEDIUM
Samsung Keyboard <SMR Feb-2021 Release 1 - Info Disclosure
CVSS 5.1
CVE-2021-22877 MEDIUM
Nextcloud <20.0.6 - Info Disclosure
CVSS 6.5
CVE-2021-1231 MEDIUM
Nexus 9000 Series Fabric Switches - DoS
CVSS 4.7
CVE-2021-1228 HIGH
Cisco Nexus 9000 - Privilege Escalation
CVSS 7.4
CVE-2021-26559 MEDIUM
Apache Airflow 2.0.0 - Improper Access Control in Configurations Endpoint
CVSS 6.5
CVE-2021-22853 MEDIUM
Soar Cloud System - Info Disclosure
CVSS 5.4
CVE-2021-21045 HIGH
Adobe Acrobat and Reader DC < 20.013.20074 / 17.0-17.011.30188 - Privilege Escalation
CVSS 8.2
CVE-2021-21020 MEDIUM
Magento <2.4.1, <2.4.0-p1, <2.3.6 - Auth Bypass
CVSS 5.3
CVE-2021-1389 MEDIUM
Cisco IOS XR and NX-OS - Unauthenticated IPv6 ACL Bypass via Crafted Traffic
CVSS 5.8
CVE-2021-1243 MEDIUM
Cisco IOS XR - Unauthenticated SNMP Access Bypass via Local Packet Transport Services
CVSS 5.3
CVE-2021-26118 HIGH
Apache ActiveMQ Artemis < 2.16.0 - Improper Access Control via OpenWire Advisory Message Creation
CVSS 7.5
CVE-2021-0205 MEDIUM
Juniper Networks Junos OS <17.3 - Info Disclosure
CVSS 5.8
CVE-2020-37116 HIGH
GUnet OpenEclass 1.7.3 - Improper Access Control via phpMyAdmin Remote Login
CVSS 8.8