CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,326 vulnerabilities with CWE-284
CVE-2020-3418 MEDIUM
Cisco IOS XE Wireless Controller - Info Disclosure
CVSS 4.7
CVE-2020-3396 MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 6.8
CVE-2020-15181 CRITICAL
Alfresco Reset Password <1.2.0 - Privilege Escalation
CVSS 9.3
CVE-2020-8028 CRITICAL
SUSE Manager <4.1 - Privilege Escalation
CVSS 9.3
CVE-2020-7531 HIGH
SCADAPack 7x Remote Connect < 3.6.3.574 - Unauthenticated Arbitrary Code Execution via Executable Placement
CVSS 7.8
CVE-2020-3522 MEDIUM
Cisco Data Center Network Manager < 11.4(1) - Authenticated Authorization Bypass via Crafted URL
CVSS 6.3
CVE-2020-16241 MEDIUM
Philips SureSigns VS4 Firmware < a.07.107 - Improper Access Control
CVSS 6.3
CVE-2020-3448 MEDIUM
Cisco Cyber Vision Center Software - Auth Bypass
CVSS 5.8
CVE-2020-3413 MEDIUM
Cisco Webex Meetings - Privilege Escalation
CVSS 4.3
CVE-2020-3412 MEDIUM
Cisco Webex Meetings - Privilege Escalation
CVSS 4.3
CVE-2020-5396 HIGH
VMware GemFire 9.7.0-9.7.5 and Tanzu GemFire for VMs 1.10.0-1.10.1 - Remote Code Execution via JMX MLet MBean
CVSS 8.8
CVE-2020-10731 CRITICAL
Red Hat OpenStack Platform 16 - Privilege Escalation
CVSS 9.9
CVE-2020-10930 MEDIUM
NETGEAR R6700 V1.0.4.84_10.0.58 - Info Disclosure
CVSS 6.5
CVE-2020-8207 HIGH
Citrix Workspace app <2006.1 - Privilege Escalation
CVSS 8.8
CVE-2020-15102 MEDIUM
PrestaShop Dashboard Productions <2.1.0 - Privilege Escalation
CVSS 6.5
CVE-2020-3144 CRITICAL
Cisco RV110W RV130 RV130W RV215W Firmware - Unauthenticated Remote Code Execution via Session Management Bypass
CVSS 9.8
CVE-2020-10288 CRITICAL
ABB RobotWare - Unauthenticated FTP Server Access via Empty Credential Bypass
CVSS 9.8
CVE-2020-14499 HIGH
Advantech iView < 5.6 - Unauthenticated User Credential Exposure via Improper Access Control
CVSS 7.5
CVE-2020-7578 HIGH
Opcenter Execution Core < 8.2 - Authenticated Improper Access Control
CVSS 8.1
CVE-2020-8196 MEDIUM KEV
Citrix ADC/Gateway <13.0-58.30 - Info Disclosure
CVSS 4.3
CVE-2020-8193 MEDIUM KEV
Citrix ADC/Gateway <13.0-58.30 - Info Disclosure
CVSS 6.5
CVE-2020-8179 MEDIUM
Nextcloud Deck 1.0.0 - Code Injection
CVSS 4.1
CVE-2020-15079 MEDIUM
PrestaShop <1.7.6.6 - Privilege Escalation
CVSS 6.4
CVE-2020-2500 CRITICAL
QNAP Helpdesk < 3.0.1 - Improper Access Control via API Key Exposure
CVSS 9.8
CVE-2020-12024 MEDIUM
Baxter ExactaMix EM 2400 and EM1200 Firmware - Unauthenticated Physical Access Control Bypass via USB Interface
CVSS 6.1
Details
Vulnerabilities 5,326