CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,319 vulnerabilities with CWE-284
CVE-2020-3122 MEDIUM
Cisco AsyncOS - Unauthenticated Sensitive Network Information Exposure via Web Management Interface
CVSS 5.3
CVE-2020-35546 CRITICAL
Lexmark MX6500 LW75.JD.P296 - Info Disclosure
CVSS 9.1
CVE-2020-36838 HIGH
Facebook Chat Plugin <1.5 - Auth Bypass
CVSS 7.4
CVE-2020-36831 MEDIUM
NextScripts: Social Networks Auto-Poster <4.3.17 - Auth Bypass
CVSS 5.0
CVE-2020-26942 CRITICAL
Axigen Mail Server <10.3.1.27-10.3.3.1 - Privilege Escalation
CVSS 9.1
CVE-2020-36721 MEDIUM
WordPress Themes - Plugin Activation/Deactivation
CVSS 6.5
CVE-2020-36700 HIGH
Page Builder: KingComposer <= 2.9.3 - Authenticated Authorization Bypass via Nonce Leak
CVSS 8.8
CVE-2020-36699 MEDIUM
Quick Page/Post Redirect Plugin <5.1.9 - Auth Bypass
CVSS 4.3
CVE-2020-22655 HIGH
Ruckus APs and SmartZone Controllers - Persistent Unauthorized Firmware Write
CVSS 7.5
CVE-2020-8973 CRITICAL
ZGR TPS200 NG Firmware 2.00 - Unauthenticated Improper Access Control
CVSS 9.3
CVE-2020-1754 MEDIUM
Moodle <3.8.2, <3.7.5, <3.6.9, <3.5.11 - Info Disclosure
CVSS 4.3
CVE-2020-9754 MEDIUM
NAVER Whale < 1.10.6.2 - Improper Access Control via Incognito Mode Bypass
CVSS 5.3
CVE-2020-4107 HIGH
HCL Domino - Authenticated Insufficient Access Control
CVSS 8.8
CVE-2020-25160 MEDIUM
B. Braun SpaceCom < L81 and Data module compactplus A10-A11 - Improper Access Control
CVSS 6.8
CVE-2020-14504 MEDIUM
1734-AENTR Series B/C Firmware 4.001-4.004 - Unauthenticated Config Modification via HTTP POST
CVSS 5.3
CVE-2020-13677 HIGH
Drupal 8.0.0-8.9.18 - Improper Access Control in JSON:API Module
CVSS 7.5
CVE-2020-13676 MEDIUM
Drupal 8.9.0-8.9.18 and Drupal Core 8.0.0-8.9.18 - Improper Access Control in QuickEdit Module
CVSS 6.5
CVE-2020-13675 CRITICAL
Drupal 8.0.0-8.9.18 - Improper Access Control in JSON:API and REST/File Modules
CVSS 9.8
CVE-2020-10627 HIGH
Insulet Omnipod Insulin Management System Firmware - Improper Access Control via Wireless RF Communication
CVSS 7.3
CVE-2020-12488 MEDIUM
vivo jovi_smart_scene < 6.2.2.52 - Unauthenticated Sensitive Information Exposure via Command Injection
CVSS 5.5
CVE-2020-12030 CRITICAL
Emerson Wireless Gateway 4.6.43-4.7.84 - Unauthenticated Firewall Bypass via VLAN
CVSS 10.0
CVE-2020-8300 MEDIUM
Citrix ADC and Gateway < 13.0-82.41, 12.1-62.23, 11.1-65.20 - SAML Authentication Hijack via Session Theft
CVSS 6.5
CVE-2020-14388 MEDIUM
Red Hat 3scale API Management Platform - Authenticated Improper Access Control
CVSS 6.3
CVE-2020-10145 HIGH
Adobe ColdFusion - Improper Access Control in Default Installation Directory
CVSS 7.8
CVE-2020-27831 MEDIUM
Red Hat Quay 3.0.0-3.3.2 - Improper Access Control in Email Notification Authorization
CVSS 4.3