CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,326 vulnerabilities with CWE-284
CVE-2019-1866 LOW
Cisco Webex Business Suite <39.1.0 - SSRF
CVSS 3.1
CVE-2019-3942 HIGH
Advantech WebAccess 8.3.4 - Unauthenticated Arbitrary File Read via RPC
CVSS 7.5
CVE-2019-5162 HIGH
Moxa AWK-3131A <1.13 - Privilege Escalation
CVSS 8.8
CVE-2019-5136 HIGH
Moxa AWK-3131A <1.13 - Privilege Escalation
CVSS 8.8
CVE-2019-18998 HIGH
ABB Asset Suite <9.4.2.6-9.6.0 - Info Disclosure
CVSS 7.1
CVE-2019-6193 HIGH
Lenovo XClarity Administrator < 2.6.6 - Unauthenticated Information Disclosure via Configuration Files
CVSS 7.5
CVE-2019-6744 MEDIUM
Samsung Knox 1.2.02.39 - Unauthenticated Sensitive Information Disclosure via Secure Folder Lock Screen Bypass
CVSS 4.3
CVE-2019-15615 MEDIUM
Nextcloud Android App < 3.9.0 - Lock Protection Bypass via System Time Manipulation
CVSS 6.1
CVE-2019-5474 MEDIUM
GitLab 11.8.0-11.11.5 - Improper Access Control via Merge Request Approval Rules
CVSS 6.5
CVE-2019-15590 HIGH
GitLab < 12.3.5, < 12.2.8, < 12.1.14 - Unauthenticated Private Data Disclosure via Elasticsearch
CVSS 7.5
CVE-2019-15255 MEDIUM
Cisco Identity Services Engine - Authenticated Authorization Bypass via URL Sanitization Issue
CVSS 6.5
CVE-2019-14902 MEDIUM
Samba 4.9.0-4.11.4 - Improper Access Control in Subtree Permission Removal
CVSS 5.4
CVE-2019-18275 MEDIUM
OSIsoft PI Vision < 2019 - Improper Access Control
CVSS 6.5
CVE-2019-15999 MEDIUM
Cisco Data Center Network Manager < 11.3(1) - Authenticated Unauthorized Access to JBoss EAP
CVSS 6.3
CVE-2019-11780 HIGH
Odoo Community/E 13.0 - Info Disclosure
CVSS 8.1
CVE-2019-5487 MEDIUM
GitLab < 12.1.13 - Improper Access Control via Elasticsearch Group Search
CVSS 5.3
CVE-2019-15591 MEDIUM
GitLab < 12.3.3 - Unauthenticated Improper Access Control via Merge Request Widget
CVSS 6.5
CVE-2019-15589 HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Improper Access Control via CI/CD Token
CVSS 8.8
CVE-2019-18309 HIGH
SPPA-T3000 MS3000 Migration Server - Privilege Escalation via File Manipulation
CVSS 7.8
CVE-2019-18308 HIGH
SPPA-T3000 MS3000 Migration Server - Authenticated Privilege Escalation via File Manipulation
CVSS 7.8
CVE-2019-15998 MEDIUM
Cisco IOS XR - Improper Access Control in NETCONF over SSH
CVSS 5.3
CVE-2019-15967 MEDIUM
Cisco TelePresence CE/RoomOS - Privilege Escalation
CVSS 4.4
CVE-2019-15956 HIGH
Cisco AsyncOS Software - Privilege Escalation
CVSS 8.8
CVE-2019-5644 CRITICAL
Computing For Good's Basic Laboratory Information System < 3.5 - Unauthenticated Improper Access Control
CVSS 10.0
CVE-2019-5643 MEDIUM
Computing For Good's Basic Laboratory Information System < 3.5 - Unauthenticated User and Facility Name Enumeration
CVSS 5.3