CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,319 vulnerabilities with CWE-284
CVE-2021-24215
CRITICAL
Controlled Admin Access < 1.5.2 - Unauthenticated Improper Access Control
CVSS 9.8
CVE-2021-24198
HIGH
wpDataTables < 3.4.2 - Authenticated Improper Access Control via id_key and id_val Parameters
CVSS 8.1
CVE-2021-24197
HIGH
wpDataTables < 3.4.2 - Authenticated Improper Access Control via formdata[wdt_ID] Parameter
CVSS 8.1
CVE-2021-25359
MEDIUM
SELinux <SMR APR-2021 Release 1 - Info Disclosure
CVSS 4.0
CVE-2021-21431
HIGH
sopel-channelmgnt < 2.0.1 - Improper Access Control via Multi-User Kick Command
CVSS 7.6
CVE-2021-1467
MEDIUM
Cisco Webex Meetings for Android < 41.3 - Authenticated Avatar Modification via Improper Authorization
CVSS 4.3
CVE-2021-21425
CRITICAL
Grav Admin Plugin < 1.10.8 - Unauthenticated Arbitrary YAML Write via Administrator Controller
CVSS 9.3
CVE-2021-27653
MEDIUM
Pega platform <8.5.x - Info Disclosure
CVSS 6.6
CVE-2021-25349
MEDIUM
Slow Motion Editor <3.5.18.5 - Command Injection
CVSS 5.5
CVE-2021-1449
MEDIUM
Cisco Aironet Access Point Software - Authenticated Unsigned Code Execution via Boot Logic Bypass
CVSS 6.7
CVE-2021-24146
HIGH
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Information Disclosure via Export Function
CVSS 7.5
CVE-2021-25672
HIGH
Mendix Forgot Password < 3.2.1 - Improper Access Control
CVSS 8.8
CVE-2021-25340
MEDIUM
Samsung Keyboard <SMR Feb-2021 Release 1 - Info Disclosure
CVSS 5.1
CVE-2021-22877
MEDIUM
Nextcloud <20.0.6 - Info Disclosure
CVSS 6.5
CVE-2021-1231
MEDIUM
Nexus 9000 Series Fabric Switches - DoS
CVSS 4.7
CVE-2021-1228
HIGH
Cisco Nexus 9000 - Privilege Escalation
CVSS 7.4
CVE-2021-26559
MEDIUM
Apache Airflow 2.0.0 - Improper Access Control in Configurations Endpoint
CVSS 6.5
CVE-2021-22853
MEDIUM
Soar Cloud System - Info Disclosure
CVSS 5.4
CVE-2021-21045
HIGH
Adobe Acrobat and Reader DC < 20.013.20074 / 17.0-17.011.30188 Privilege Escalation
CVSS 8.2
CVE-2021-21020
MEDIUM
Magento <2.4.1, <2.4.0-p1, <2.3.6 - Auth Bypass
CVSS 5.3
CVE-2021-1389
MEDIUM
Cisco IOS XR and NX-OS - Unauthenticated IPv6 ACL Bypass via Crafted Traffic
CVSS 5.8
CVE-2021-1243
MEDIUM
Cisco IOS XR - Unauthenticated SNMP Access Bypass via Local Packet Transport Services
CVSS 5.3
CVE-2021-26118
HIGH
Apache ActiveMQ Artemis < 2.16.0 - Improper Access Control via OpenWire Advisory Message Creation
CVSS 7.5
CVE-2021-0205
MEDIUM
Juniper Networks Junos OS <17.3 - Info Disclosure
CVSS 5.8
CVE-2020-37116
HIGH
GUnet OpenEclass 1.7.3 - Improper Access Control via phpMyAdmin Remote Login
CVSS 8.8