CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,331 vulnerabilities with CWE-284
CVE-2017-18416 MEDIUM
cPanel < 56.0.52 - Arbitrary File Overwrite during Roundcube SQLite Schema Update
CVSS 5.5
CVE-2017-18404 LOW
cPanel < 62.0.35 - Unauthenticated Domain Data Deletion via .lock TLD
CVSS 3.1
CVE-2017-18403 MEDIUM
cPanel 61.9999.55-61.9999.9999 - Remote Code Execution via Mailman Archives
CVSS 6.3
CVE-2017-18385 MEDIUM
cPanel 61.9999.55-62.0.35 - Unauthenticated Improper Access Control during Account Restore
CVSS 5.5
CVE-2017-18384 LOW
cPanel 61.9999.55-61.9999.9999 - Improper Access Control via Jailed Account File Restore
CVSS 3.8
CVE-2017-18380 HIGH
edx-platform < 2017-08-03 - Password Reset Link Manipulation
CVSS 7.5
CVE-2017-10721 MEDIUM
Shekar Endoscope Camera Firmware - Unauthenticated Telnet Access
CVSS 6.5
CVE-2017-11365 CRITICAL
Symfony 2.7.30-2.7.31, 2.8.23, 3.2.10, 3.3.3 - Improper Access Control in Password Validator
CVSS 9.8
CVE-2017-5212 CRITICAL
Open-Xchange GmbH OX App Suite 7.8.3 - Info Disclosure
CVSS 9.8
CVE-2017-8340 HIGH
Open-Xchange AppSuite < 7.8.3 - Improper Access Control
CVSS 8.8
CVE-2017-6912 HIGH
Open-Xchange GmbH OX App Suite < 7.8.3 - Info Disclosure
CVSS 8.8
CVE-2017-5863 CRITICAL
Open-Xchange AppSuite < 7.8.3 - Improper Access Control
CVSS 9.8
CVE-2017-7912 CRITICAL
Hanwha Techwin SRN-4000 Firmware < 2.16_170401 - Unauthenticated Admin Access via Crafted HTTP Request
CVSS 9.8
CVE-2017-9626 CRITICAL
Marel Food Processing Systems Pluto - Unauthenticated RCE
CVSS 9.8
CVE-2017-7497 MEDIUM
Red Hat CloudForms Management Engine - Improper Access Control in Cloud Volume Creation Dialog
CVSS 4.1
CVE-2017-12171 MEDIUM
Red Hat Enterprise Linux 6.9 - Info Disclosure
CVSS 6.5
CVE-2017-2664 MEDIUM
CloudForms Management Engine < 5.7.3 and 5.8.x < 5.8.1 - Privilege Escalation via Unprotected Rails Application Methods
CVSS 6.5
CVE-2017-18101 MEDIUM
Atlassian JIRA < 7.6.5, 7.7.0-7.7.3, 7.8.0-7.8.3 - Unauthenticated Import Execution
CVSS 6.5
CVE-2017-9285 MEDIUM
NetIQ eDirectory < 9.0 SP4 - Privilege Escalation
CVSS 5.4
CVE-2017-12191 HIGH
Red Hat CloudForms - Improper Access Control via VMware Shared Account
CVSS 7.4
CVE-2017-18035 MEDIUM
Atlassian Fisheye and Crucible < 4.5.1 - Unauthenticated Information Disclosure via Review Coverage Chart Endpoint
CVSS 4.3
CVE-2017-9513 MEDIUM
Atlassian Activity Streams < 6.3.0 - Privilege Escalation
CVSS 5.4
CVE-2017-15131 HIGH
xdg-user-dirs < 0.15.5 - Improper Access Control via Umask Policy Bypass
CVSS 7.8
CVE-2017-16766 MEDIUM
Synology DSM < 6.1.4-15217, < 6.0.3-8754-6 - XSS
CVSS 6.5
CVE-2017-5254 HIGH
Cambium Networks ePMP < 3.5 - Privilege Escalation
CVSS 8.8