CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,326 vulnerabilities with CWE-284
CVE-2020-25654 HIGH
Pacemaker < 1.1.23 - ACL Bypass via IPC Communication
CVSS 7.2
CVE-2020-7573 MEDIUM
EcoStruxure Building Operation WebReports 1.9-3.1 - Improper Access Control
CVSS 6.5
CVE-2020-7561 CRITICAL
Easergy T300 Firmware < 2.7 - Unauthenticated Improper Access Control
CVSS 9.8
CVE-2020-25701 MEDIUM
Moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Improper Access Control via Upload Course Tool
CVSS 5.3
CVE-2020-25698 HIGH
Moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Improper Access Control in Course Enrollment Restoration
CVSS 7.5
CVE-2020-8278 MEDIUM
Nextcloud Social <0.3.1 - Info Disclosure
CVSS 5.3
CVE-2020-3482 MEDIUM
Cisco Expressway and TelePresence VCS < X12.6.3 - Unauthenticated Network Access Control Bypass via TURN Server
CVSS 6.5
CVE-2020-26080 MEDIUM
Cisco IoT Field Network Director < 4.6.1 - Authenticated Improper Access Control via JSON Payload Manipulation
CVSS 4.1
CVE-2020-26077 MEDIUM
Cisco IoT Field Network Director < 4.6.1 - Authenticated Improper Access Control via API Request
CVSS 4.3
CVE-2020-26072 HIGH
Cisco IoT Field Network Director < 4.6.1 - Authenticated Improper Access Control via SOAP API
CVSS 8.7
CVE-2020-26224 HIGH
PrestaShop < 1.7.6.9 - Unauthenticated Order Enumeration via Cart Recreation Function
CVSS 7.5
CVE-2020-24441 MEDIUM
Adobe Acrobat Reader for Android <20.6.2 - Info Disclosure
CVSS 5.5
CVE-2020-3592 MEDIUM
Cisco SD-WAN vManage < 20.1.12 - Authenticated Authorization Bypass via Crafted HTTP Requests
CVSS 6.5
CVE-2020-3284 CRITICAL
Cisco IOS XR 64-bit Software - Unauthenticated Remote Code Execution via PXE Boot Loader
CVSS 9.8
CVE-2020-25662 MEDIUM
Red Hat Enterprise Linux - Information Disclosure via Bluetooth AMP Packet Handling
CVSS 5.3
CVE-2020-24433 HIGH
Adobe Acrobat Reader DC <2020.012.20048 - Privilege Escalation
CVSS 7.8
CVE-2020-16261 MEDIUM
Winston Privacy 1.5.4 - Unauthenticated Local Root Access via U-Boot Interrupt
CVSS 6.8
CVE-2020-3565 MEDIUM
Cisco Firepower Threat Defense < 6.4.0.8 - Unauthenticated Access Control Bypass via TCP Intercept
CVSS 5.8
CVE-2020-3564 MEDIUM
Cisco ASA & FTD FTP Inspection Bypass via Flow Tracking
CVSS 5.3
CVE-2020-10139 HIGH
Acronis True Image 2021 - Privilege Escalation via OpenSSL Configuration Path Manipulation
CVSS 7.8
CVE-2020-10138 HIGH
Acronis Cyber Backup <12.5 and Cyber Protect <15 - Privilege Escalation via OpenSSL Configuration File
CVSS 7.8
CVE-2020-1666 MEDIUM
Juniper Junos OS Evolved 18.4R1-EVO-20.2R1-EVO - Unauthenticated Session Resumption via Console Disconnect
CVSS 6.6
CVE-2020-8182 HIGH
Nextcloud Deck 0.8.0 - Privilege Escalation
CVSS 8.0
CVE-2020-3524 MEDIUM
Cisco IOS XE ROM Monitor < 16.2(1r) - Unauthenticated Secure Boot Bypass via Debugging Configuration Option
CVSS 6.8
CVE-2020-3503 MEDIUM
Cisco IOS XE - Authenticated Improper Access Control in File System Permissions
CVSS 6.0