CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,331 vulnerabilities with CWE-284
CVE-2018-10500
HIGH
Samsung Galaxy Apps <6.4.0.15 - Privilege Escalation
CVSS 7.0
CVE-2018-15610
HIGH
Avaya IP Office 9.1-10.1 - Authenticated Arbitrary File Read/Delete via one-X Portal
CVSS 7.3
CVE-2018-7791
CRITICAL
Schneider Electric's Modicon M221 - Privilege Escalation
CVSS 9.8
CVE-2018-0428
MEDIUM
Cisco Web Security Appliance - Authenticated Privilege Escalation to Root via CLI Subshell Escape
CVSS 6.7
CVE-2018-10630
CRITICAL
Crestron TSW-X60 <2.001.0037.001 & MC3 <1.502.0047.001 - Auth Bypass
CVSS 9.8
CVE-2018-11456
MEDIUM
Automation License Manager < 5.3.4.4 - Unauthenticated Network Port Scanning via Crafted Packets
CVSS 5.8
CVE-2018-10905
HIGH
CloudForms Management Engine - Privilege Escalation via dRuby Security Setting
CVSS 7.8
CVE-2018-0343
HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated Remote Code Execution or Denial of Service via HTTP Management Interface
CVSS 8.8
CVE-2018-1129
MEDIUM
Ceph <master,mimic,luminous,jewel - Auth Bypass
CVSS 6.5
CVE-2018-4858
HIGH
Siemens EC 61850 System Configurator ... - Improper Access Control
CVSS 7.8
CVE-2018-3762
MEDIUM
Nextcloud Server < 12.0.8 - Improper Access Control via File Preview Request
CVSS 4.3
CVE-2018-1080
HIGH
Dogtagpki < 10.6.1 - Improper Access Control
CVSS 7.5
CVE-2018-4845
HIGH
Siemens RAPIDPoint 400/500 and RAPIDLab 1200 Firmware - Authenticated Privilege Escalation via Remote View Feature
CVSS 8.8
CVE-2018-8922
MEDIUM
Synology Drive < 1.0.2-10275 - Authenticated Improper Access Control
CVSS 6.5
CVE-2018-7520
CRITICAL
Geutebruck G-Cam/EFD-2250 and TopFD-2125 - Unauthenticated Configuration Download Including Passwords
CVSS 9.8
CVE-2018-4844
MEDIUM
SIMATIC WinCC OA UI < 3.15.10 - Improper Access Control via HMI Project Cache Folder
CVSS 6.7
CVE-2018-1069
HIGH
Red Hat OpenShift Enterprise 3.7 - Improper Access Control for Container Network Filesystems
CVSS 7.1
CVE-2018-1168
HIGH
ABB MicroSCADA 9.3 - Privilege Escalation
CVSS 7.8
CVE-2018-0119
MEDIUM
Cisco Conference Director - Authenticated Improper Access Control via Token Reuse
CVSS 4.7
CVE-2017-20233
MEDIUM
Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass
CVSS 5.4
CVE-2017-20199
LOW
Buttercup buttercup-browser-extension <1.0.1 - Info Disclosure
CVSS 3.1
CVE-2017-20066
MEDIUM
Adminer Login <1.4.4 - Info Disclosure
CVSS 5.3
CVE-2017-18543
CRITICAL
WordPress <1.3.16 - Info Disclosure
CVSS 9.8
CVE-2017-18457
MEDIUM
cPanel 55.9999.61-56.0.45 - Unauthenticated Arbitrary File Read via WHM Styled URLs
CVSS 4.4
CVE-2017-18421
LOW
cPanel 60.0.3-60.0.45 - Improper Access Control
CVSS 3.3