CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,326 vulnerabilities with CWE-284
CVE-2019-1866
LOW
Cisco Webex Business Suite <39.1.0 - SSRF
CVSS 3.1
CVE-2019-3942
HIGH
Advantech WebAccess 8.3.4 - Unauthenticated Arbitrary File Read via RPC
CVSS 7.5
CVE-2019-5162
HIGH
Moxa AWK-3131A <1.13 - Privilege Escalation
CVSS 8.8
CVE-2019-5136
HIGH
Moxa AWK-3131A <1.13 - Privilege Escalation
CVSS 8.8
CVE-2019-18998
HIGH
ABB Asset Suite <9.4.2.6-9.6.0 - Info Disclosure
CVSS 7.1
CVE-2019-6193
HIGH
Lenovo XClarity Administrator < 2.6.6 - Unauthenticated Information Disclosure via Configuration Files
CVSS 7.5
CVE-2019-6744
MEDIUM
Samsung Knox 1.2.02.39 - Unauthenticated Sensitive Information Disclosure via Secure Folder Lock Screen Bypass
CVSS 4.3
CVE-2019-15615
MEDIUM
Nextcloud Android App < 3.9.0 - Lock Protection Bypass via System Time Manipulation
CVSS 6.1
CVE-2019-5474
MEDIUM
GitLab 11.8.0-11.11.5 - Improper Access Control via Merge Request Approval Rules
CVSS 6.5
CVE-2019-15590
HIGH
GitLab < 12.3.5, < 12.2.8, < 12.1.14 - Unauthenticated Private Data Disclosure via Elasticsearch
CVSS 7.5
CVE-2019-15255
MEDIUM
Cisco Identity Services Engine - Authenticated Authorization Bypass via URL Sanitization Issue
CVSS 6.5
CVE-2019-14902
MEDIUM
Samba 4.9.0-4.11.4 - Improper Access Control in Subtree Permission Removal
CVSS 5.4
CVE-2019-18275
MEDIUM
OSIsoft PI Vision < 2019 - Improper Access Control
CVSS 6.5
CVE-2019-15999
MEDIUM
Cisco Data Center Network Manager < 11.3(1) - Authenticated Unauthorized Access to JBoss EAP
CVSS 6.3
CVE-2019-11780
HIGH
Odoo Community/E 13.0 - Info Disclosure
CVSS 8.1
CVE-2019-5487
MEDIUM
GitLab < 12.1.13 - Improper Access Control via Elasticsearch Group Search
CVSS 5.3
CVE-2019-15591
MEDIUM
GitLab < 12.3.3 - Unauthenticated Improper Access Control via Merge Request Widget
CVSS 6.5
CVE-2019-15589
HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Improper Access Control via CI/CD Token
CVSS 8.8
CVE-2019-18309
HIGH
SPPA-T3000 MS3000 Migration Server - Privilege Escalation via File Manipulation
CVSS 7.8
CVE-2019-18308
HIGH
SPPA-T3000 MS3000 Migration Server - Authenticated Privilege Escalation via File Manipulation
CVSS 7.8
CVE-2019-15998
MEDIUM
Cisco IOS XR - Improper Access Control in NETCONF over SSH
CVSS 5.3
CVE-2019-15967
MEDIUM
Cisco TelePresence CE/RoomOS - Privilege Escalation
CVSS 4.4
CVE-2019-15956
HIGH
Cisco AsyncOS Software - Privilege Escalation
CVSS 8.8
CVE-2019-5644
CRITICAL
Computing For Good's Basic Laboratory Information System < 3.5 - Unauthenticated Improper Access Control
CVSS 10.0
CVE-2019-5643
MEDIUM
Computing For Good's Basic Laboratory Information System < 3.5 - Unauthenticated User and Facility Name Enumeration
CVSS 5.3
Details
Vulnerabilities
5,326