CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,319 vulnerabilities with CWE-284
CVE-2020-3122
MEDIUM
Cisco AsyncOS - Unauthenticated Sensitive Network Information Exposure via Web Management Interface
CVSS 5.3
CVE-2020-35546
CRITICAL
Lexmark MX6500 LW75.JD.P296 - Info Disclosure
CVSS 9.1
CVE-2020-36838
HIGH
Facebook Chat Plugin <1.5 - Auth Bypass
CVSS 7.4
CVE-2020-36831
MEDIUM
NextScripts: Social Networks Auto-Poster <4.3.17 - Auth Bypass
CVSS 5.0
CVE-2020-26942
CRITICAL
Axigen Mail Server <10.3.1.27-10.3.3.1 - Privilege Escalation
CVSS 9.1
CVE-2020-36721
MEDIUM
WordPress Themes - Plugin Activation/Deactivation
CVSS 6.5
CVE-2020-36700
HIGH
Page Builder: KingComposer <= 2.9.3 - Authenticated Authorization Bypass via Nonce Leak
CVSS 8.8
CVE-2020-36699
MEDIUM
Quick Page/Post Redirect Plugin <5.1.9 - Auth Bypass
CVSS 4.3
CVE-2020-22655
HIGH
Ruckus APs and SmartZone Controllers - Persistent Unauthorized Firmware Write
CVSS 7.5
CVE-2020-8973
CRITICAL
ZGR TPS200 NG Firmware 2.00 - Unauthenticated Improper Access Control
CVSS 9.3
CVE-2020-1754
MEDIUM
Moodle <3.8.2, <3.7.5, <3.6.9, <3.5.11 - Info Disclosure
CVSS 4.3
CVE-2020-9754
MEDIUM
NAVER Whale < 1.10.6.2 - Improper Access Control via Incognito Mode Bypass
CVSS 5.3
CVE-2020-4107
HIGH
HCL Domino - Authenticated Insufficient Access Control
CVSS 8.8
CVE-2020-25160
MEDIUM
B. Braun SpaceCom < L81 and Data module compactplus A10-A11 - Improper Access Control
CVSS 6.8
CVE-2020-14504
MEDIUM
1734-AENTR Series B/C Firmware 4.001-4.004 - Unauthenticated Config Modification via HTTP POST
CVSS 5.3
CVE-2020-13677
HIGH
Drupal 8.0.0-8.9.18 - Improper Access Control in JSON:API Module
CVSS 7.5
CVE-2020-13676
MEDIUM
Drupal 8.9.0-8.9.18 and Drupal Core 8.0.0-8.9.18 - Improper Access Control in QuickEdit Module
CVSS 6.5
CVE-2020-13675
CRITICAL
Drupal 8.0.0-8.9.18 - Improper Access Control in JSON:API and REST/File Modules
CVSS 9.8
CVE-2020-10627
HIGH
Insulet Omnipod Insulin Management System Firmware - Improper Access Control via Wireless RF Communication
CVSS 7.3
CVE-2020-12488
MEDIUM
vivo jovi_smart_scene < 6.2.2.52 - Unauthenticated Sensitive Information Exposure via Command Injection
CVSS 5.5
CVE-2020-12030
CRITICAL
Emerson Wireless Gateway 4.6.43-4.7.84 - Unauthenticated Firewall Bypass via VLAN
CVSS 10.0
CVE-2020-8300
MEDIUM
Citrix ADC and Gateway < 13.0-82.41, 12.1-62.23, 11.1-65.20 - SAML Authentication Hijack via Session Theft
CVSS 6.5
CVE-2020-14388
MEDIUM
Red Hat 3scale API Management Platform - Authenticated Improper Access Control
CVSS 6.3
CVE-2020-10145
HIGH
Adobe ColdFusion - Improper Access Control in Default Installation Directory
CVSS 7.8
CVE-2020-27831
MEDIUM
Red Hat Quay 3.0.0-3.3.2 - Improper Access Control in Email Notification Authorization
CVSS 4.3