CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,331 vulnerabilities with CWE-284
CVE-2018-10500 HIGH
Samsung Galaxy Apps <6.4.0.15 - Privilege Escalation
CVSS 7.0
CVE-2018-15610 HIGH
Avaya IP Office 9.1-10.1 - Authenticated Arbitrary File Read/Delete via one-X Portal
CVSS 7.3
CVE-2018-7791 CRITICAL
Schneider Electric's Modicon M221 - Privilege Escalation
CVSS 9.8
CVE-2018-0428 MEDIUM
Cisco Web Security Appliance - Authenticated Privilege Escalation to Root via CLI Subshell Escape
CVSS 6.7
CVE-2018-10630 CRITICAL
Crestron TSW-X60 <2.001.0037.001 & MC3 <1.502.0047.001 - Auth Bypass
CVSS 9.8
CVE-2018-11456 MEDIUM
Automation License Manager < 5.3.4.4 - Unauthenticated Network Port Scanning via Crafted Packets
CVSS 5.8
CVE-2018-10905 HIGH
CloudForms Management Engine - Privilege Escalation via dRuby Security Setting
CVSS 7.8
CVE-2018-0343 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated Remote Code Execution or Denial of Service via HTTP Management Interface
CVSS 8.8
CVE-2018-1129 MEDIUM
Ceph <master,mimic,luminous,jewel - Auth Bypass
CVSS 6.5
CVE-2018-4858 HIGH
Siemens EC 61850 System Configurator ... - Improper Access Control
CVSS 7.8
CVE-2018-3762 MEDIUM
Nextcloud Server < 12.0.8 - Improper Access Control via File Preview Request
CVSS 4.3
CVE-2018-1080 HIGH
Dogtagpki < 10.6.1 - Improper Access Control
CVSS 7.5
CVE-2018-4845 HIGH
Siemens RAPIDPoint 400/500 and RAPIDLab 1200 Firmware - Authenticated Privilege Escalation via Remote View Feature
CVSS 8.8
CVE-2018-8922 MEDIUM
Synology Drive < 1.0.2-10275 - Authenticated Improper Access Control
CVSS 6.5
CVE-2018-7520 CRITICAL
Geutebruck G-Cam/EFD-2250 and TopFD-2125 - Unauthenticated Configuration Download Including Passwords
CVSS 9.8
CVE-2018-4844 MEDIUM
SIMATIC WinCC OA UI < 3.15.10 - Improper Access Control via HMI Project Cache Folder
CVSS 6.7
CVE-2018-1069 HIGH
Red Hat OpenShift Enterprise 3.7 - Improper Access Control for Container Network Filesystems
CVSS 7.1
CVE-2018-1168 HIGH
ABB MicroSCADA 9.3 - Privilege Escalation
CVSS 7.8
CVE-2018-0119 MEDIUM
Cisco Conference Director - Authenticated Improper Access Control via Token Reuse
CVSS 4.7
CVE-2017-20233 MEDIUM
Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass
CVSS 5.4
CVE-2017-20199 LOW
Buttercup buttercup-browser-extension <1.0.1 - Info Disclosure
CVSS 3.1
CVE-2017-20066 MEDIUM
Adminer Login <1.4.4 - Info Disclosure
CVSS 5.3
CVE-2017-18543 CRITICAL
WordPress <1.3.16 - Info Disclosure
CVSS 9.8
CVE-2017-18457 MEDIUM
cPanel 55.9999.61-56.0.45 - Unauthenticated Arbitrary File Read via WHM Styled URLs
CVSS 4.4
CVE-2017-18421 LOW
cPanel 60.0.3-60.0.45 - Improper Access Control
CVSS 3.3