CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,326 vulnerabilities with CWE-284
CVE-2020-25654
HIGH
Pacemaker < 1.1.23 - ACL Bypass via IPC Communication
CVSS 7.2
CVE-2020-7573
MEDIUM
EcoStruxure Building Operation WebReports 1.9-3.1 - Improper Access Control
CVSS 6.5
CVE-2020-7561
CRITICAL
Easergy T300 Firmware < 2.7 - Unauthenticated Improper Access Control
CVSS 9.8
CVE-2020-25701
MEDIUM
Moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Improper Access Control via Upload Course Tool
CVSS 5.3
CVE-2020-25698
HIGH
Moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Improper Access Control in Course Enrollment Restoration
CVSS 7.5
CVE-2020-8278
MEDIUM
Nextcloud Social <0.3.1 - Info Disclosure
CVSS 5.3
CVE-2020-3482
MEDIUM
Cisco Expressway and TelePresence VCS < X12.6.3 - Unauthenticated Network Access Control Bypass via TURN Server
CVSS 6.5
CVE-2020-26080
MEDIUM
Cisco IoT Field Network Director < 4.6.1 - Authenticated Improper Access Control via JSON Payload Manipulation
CVSS 4.1
CVE-2020-26077
MEDIUM
Cisco IoT Field Network Director < 4.6.1 - Authenticated Improper Access Control via API Request
CVSS 4.3
CVE-2020-26072
HIGH
Cisco IoT Field Network Director < 4.6.1 - Authenticated Improper Access Control via SOAP API
CVSS 8.7
CVE-2020-26224
HIGH
PrestaShop < 1.7.6.9 - Unauthenticated Order Enumeration via Cart Recreation Function
CVSS 7.5
CVE-2020-24441
MEDIUM
Adobe Acrobat Reader for Android <20.6.2 - Info Disclosure
CVSS 5.5
CVE-2020-3592
MEDIUM
Cisco SD-WAN vManage < 20.1.12 - Authenticated Authorization Bypass via Crafted HTTP Requests
CVSS 6.5
CVE-2020-3284
CRITICAL
Cisco IOS XR 64-bit Software - Unauthenticated Remote Code Execution via PXE Boot Loader
CVSS 9.8
CVE-2020-25662
MEDIUM
Red Hat Enterprise Linux - Information Disclosure via Bluetooth AMP Packet Handling
CVSS 5.3
CVE-2020-24433
HIGH
Adobe Acrobat Reader DC <2020.012.20048 - Privilege Escalation
CVSS 7.8
CVE-2020-16261
MEDIUM
Winston Privacy 1.5.4 - Unauthenticated Local Root Access via U-Boot Interrupt
CVSS 6.8
CVE-2020-3565
MEDIUM
Cisco Firepower Threat Defense < 6.4.0.8 - Unauthenticated Access Control Bypass via TCP Intercept
CVSS 5.8
CVE-2020-3564
MEDIUM
Cisco ASA & FTD FTP Inspection Bypass via Flow Tracking
CVSS 5.3
CVE-2020-10139
HIGH
Acronis True Image 2021 - Privilege Escalation via OpenSSL Configuration Path Manipulation
CVSS 7.8
CVE-2020-10138
HIGH
Acronis Cyber Backup <12.5 and Cyber Protect <15 - Privilege Escalation via OpenSSL Configuration File
CVSS 7.8
CVE-2020-1666
MEDIUM
Juniper Junos OS Evolved 18.4R1-EVO-20.2R1-EVO - Unauthenticated Session Resumption via Console Disconnect
CVSS 6.6
CVE-2020-8182
HIGH
Nextcloud Deck 0.8.0 - Privilege Escalation
CVSS 8.0
CVE-2020-3524
MEDIUM
Cisco IOS XE ROM Monitor < 16.2(1r) - Unauthenticated Secure Boot Bypass via Debugging Configuration Option
CVSS 6.8
CVE-2020-3503
MEDIUM
Cisco IOS XE - Authenticated Improper Access Control in File System Permissions
CVSS 6.0