CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,332 vulnerabilities with CWE-284
CVE-2016-2930 HIGH
IBM BigFix Remote Control 9.1.3 - Unauthenticated Privilege Escalation
CVSS 7.5
CVE-2016-8588 HIGH
Trend Micro Threat Discovery Appliance <2.6.1062r1 - Authenticated RCE
CVSS 7.3
CVE-2016-8587 HIGH
Trend Micro Threat Discovery Appliance <2.6.1062r1 - Authenticated RCE
CVSS 7.3
CVE-2016-8584 CRITICAL
Trend Micro Threat Discovery Appliance <2.6.1062r1 - Auth Bypass
CVSS 9.8
CVE-2016-5551 LOW
Oracle Solaris Cluster 4.3 - Unauthenticated Improper Access Control in NAS Device Addition
CVSS 2.8
CVE-2016-2433 HIGH
Android < 6.0.1 - Remote Code Execution in Broadcom Wi-Fi Driver
CVSS 8.8
CVE-2016-1518 HIGH
Grandstream Wave app <1.0.1.26 - SSRF
CVSS 8.1
CVE-2016-3733 MEDIUM
Moodle <3.0.3-<2.8.11 - Privilege Escalation
CVSS 4.3
CVE-2016-3729 MEDIUM
Moodle <3.0.3, <2.9.5, <2.8.11, <2.7.13 - Privilege Escalation
CVSS 6.5
CVE-2016-4850 HIGH
LINE for Windows < 4.8.2.1125 - Remote Code Execution
CVSS 8.1
CVE-2016-1220 MEDIUM
Cybozu Garoon <4.2.2 - Info Disclosure
CVSS 4.3
CVE-2016-6338 MEDIUM
ovirt-engine-webadmin - Privilege Escalation
CVSS 6.8
CVE-2016-6337 HIGH
MediaWiki 1.27.x - Improper Access Control via UserGetRights Function
CVSS 7.5
CVE-2016-6336 MEDIUM
MediaWiki <1.23.15, <1.26.x-1.26.4, <1.27.x-1.27.1 - Auth Bypass
CVSS 6.5
CVE-2016-6331 HIGH
MediaWiki <1.23.15, <1.26.4, <1.27.1 - Auth Bypass
CVSS 7.5
CVE-2016-4874 LOW
Cybozu Office 9.0.0-10.4.0 - Reflected File Download via Improper Access Control
CVSS 3.5
CVE-2016-7032 HIGH
Sudo < 1.8.15 - Unauthenticated Command Execution Bypass via system or popen Functions
CVSS 7.0
CVE-2016-4032 MEDIUM
Samsung Galaxy S6, Note 3, S4 mini, S4 mini LTE, S4 - Improper Access Control via AT Command Injection
CVSS 4.6
CVE-2016-4031 MEDIUM
Samsung Devices - Command Injection
CVSS 6.8
CVE-2016-4030 MEDIUM
Samsung Galaxy S6, Note 3, S4 mini, S4 mini LTE, S4 - Unauthenticated Modem Access via USB Configuration
CVSS 6.8
CVE-2016-6143 CRITICAL
SAP HANA DB <1.00.73.00.389160 - RCE
CVSS 9.8
CVE-2016-4800 CRITICAL
Eclipse Jetty 9.3.0-9.3.8 - Improper Access Control via Path Normalization Bypass
CVSS 9.8
CVE-2016-1178 MEDIUM
a-blog cms <2.6.0.1 - Info Disclosure
CVSS 6.5
CVE-2016-6605 HIGH
Cloudera CDH 5.2.0-5.7.2 and 5.8.0 - Improper Access Control in Impala
CVSS 7.5
CVE-2016-5058 HIGH
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 - Zigbee Replay Attack
CVSS 7.5