CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,326 vulnerabilities with CWE-284
CVE-2019-5617 CRITICAL
Computing For Good's Basic Laboratory Information System < 3.4 - Unauthenticated Administrator Password Change
CVSS 10.0
CVE-2019-6144 MEDIUM
Forcepoint One Endpoint 19.04-19.08 - Authenticated DLP and Web Protection Bypass
CVSS 6.5
CVE-2019-15260 CRITICAL
Cisco Aironet 1540/1560/1800/2800/3800/4800 Firmware <8.5.151.0 - Privilege Escalation via URL Access Bypass
CVSS 9.8
CVE-2019-14838 MEDIUM
WildFly Core < 7.2.5.GA - Improper Access Control for Management Users
CVSS 4.9
CVE-2019-9531 CRITICAL
Cobham EXPLORER 710 <1.07 - Info Disclosure
CVSS 9.8
CVE-2019-9530 MEDIUM
Cobham EXPLORER 710 <1.07 - Info Disclosure
CVSS 5.5
CVE-2019-9529 MEDIUM
Cobham EXPLORER 710 - Info Disclosure
CVSS 5.5
CVE-2019-3653 MEDIUM
McAfee Endpoint Security < 10.6.1 - Unauthorized Access to Security Configuration via Configuration Tool
CVSS 4.6
CVE-2019-12670 MEDIUM
Cisco IOS XE - Authenticated Namespace Container Protection Bypass via Insufficient File Permissions
CVSS 6.7
CVE-2019-12648 HIGH
Cisco IOS - Authenticated Unauthorized Access to Guest OS via Incorrect RBAC Evaluation
CVSS 8.8
CVE-2019-15068 CRITICAL
Gigastone Smart Battery A4 Firmware <= r1.7.9 - Unauthenticated Administrator Password Reset
CVSS 9.8
CVE-2019-6810 HIGH
BMXNOR0200H Ethernet / Serial RTU module - Unauthenticated Command Execution via IEC 60870-5-104 Protocol
CVSS 8.8
CVE-2019-13919 MEDIUM
SINEMA Remote Connect Server < V2.0 SP1 - Info Disclosure
CVSS 4.3
CVE-2019-11899 HIGH
Bosch Access < 3.7 - Unauthenticated Sensitive Data Exposure via Windows SMB Protocol
CVSS 7.5
CVE-2019-13656 CRITICAL
CA Technologies Client Automation <14 - RCE
CVSS 9.8
CVE-2019-12627 HIGH
Cisco Firepower Threat Defense < 6.4.0.4 - Sensitive Data Exposure via Policy Misidentification
CVSS 7.5
CVE-2019-5036 HIGH
Nest Cam IQ Indoor Firmware 4620002 - Denial of Service via Weave Error Reporting
CVSS 7.5
CVE-2019-10938 CRITICAL
SIPROTEC 5 DIGSI Device Driver - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2019-10168 HIGH
libvirt <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10167 HIGH
libvirt <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10166 HIGH
libvirtd <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10189 MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10188 MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10187 MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10161 HIGH
libvirtd <4.10.1-5.4.1 - Info Disclosure
CVSS 7.8