CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,319 vulnerabilities with CWE-284
CVE-2020-25634 MEDIUM
Red Hat 3scale < 2.10.0 - Unauthenticated Sensitive Information Exposure via API Docs URL
CVSS 5.4
CVE-2020-15279 MEDIUM
Bitdefender Endpoint Security Tools <6.6.23.320 - Info Disclosure
CVSS 4.0
CVE-2020-36197 HIGH
QNAP Music Station < 5.3.16 - Improper Access Control
CVSS 7.1
CVE-2020-7038 HIGH
Avaya Equinox Conferencing 9.0.0-9.1.11 - Unauthenticated Access to Screen Sharing and Whiteboard Sessions
CVSS 7.5
CVE-2020-9668 HIGH
Adobe Genuine Service < 6.6 - Unauthenticated Privilege Escalation via Symbolic Link Handling
CVSS 7.8
CVE-2020-29020 CRITICAL
Secomea SiteManager < 9.4.620527004 - Improper Access Control in Web Service
CVSS 9.1
CVE-2020-8902 LOW
Rendertron < 3.0.0 - Server-Side Request Forgery via Headless Chrome Process
CVSS 3.5
CVE-2020-25238 HIGH
SIMATIC PCS neo < 3.1 and TIA Portal V15-V16 - Authenticated Privilege Escalation via File Manipulation
CVSS 7.8
CVE-2020-14312 MEDIUM
Fedora < 31 - Unauthenticated Distributed Denial of Service via Open DNS Resolver Configuration
CVSS 5.9
CVE-2020-27873 MEDIUM
NETGEAR AC2100 R7450 < 1.2.0.76 - Unauthenticated Sensitive Information Disclosure via SOAP API
CVSS 6.5
CVE-2020-2506 HIGH KEV
QNAP Helpdesk < 3.0.3 - Improper Access Control
CVSS 7.3
CVE-2020-8275 MEDIUM
Citrix Secure Mail for Android <20.11.0 - Info Disclosure
CVSS 4.3
CVE-2020-2504 MEDIUM
QNAP QES < 2.1.1 - Path Traversal in File Station
CVSS 5.8
CVE-2020-35497 MEDIUM
ovirt-engine < 4.4.3 - Authenticated Improper Access Control
CVSS 6.5
CVE-2020-10143 HIGH
Macrium Reflect < 7.3.5281 - Privilege Escalation via OpenSSL Configuration Path Manipulation
CVSS 7.8
CVE-2020-25629 HIGH
Moodle 3.5.0-3.5.13, 3.7.0-3.7.7, 3.8.0-3.8.4, 3.9.0-3.9.1 - Privilege Escalation via 'Log in as' Capability
CVSS 8.8
CVE-2020-7547 HIGH
EcoStruxure and SmartStruxure Power Monitoring and SCADA Software - Improper Access Control via Web Interface
CVSS 8.8
CVE-2020-7545 HIGH
EcoStruxure & SmartStruxure Power Monitoring/SCADA - Authenticated RCE via Web Access
CVSS 7.2
CVE-2020-25654 HIGH
Pacemaker < 1.1.23 - ACL Bypass via IPC Communication
CVSS 7.2
CVE-2020-7573 MEDIUM
EcoStruxure Building Operation WebReports 1.9-3.1 - Improper Access Control
CVSS 6.5
CVE-2020-7561 CRITICAL
Easergy T300 Firmware < 2.7 - Unauthenticated Improper Access Control
CVSS 9.8
CVE-2020-25701 MEDIUM
Moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Improper Access Control via Upload Course Tool
CVSS 5.3
CVE-2020-25698 HIGH
Moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Improper Access Control in Course Enrollment Restoration
CVSS 7.5
CVE-2020-8278 MEDIUM
Nextcloud Social <0.3.1 - Info Disclosure
CVSS 5.3
CVE-2020-3482 MEDIUM
Cisco Expressway and TelePresence VCS < X12.6.3 - Unauthenticated Network Access Control Bypass via TURN Server
CVSS 6.5