CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2015-6862 HIGH
HPE UCMDB Browser - Exposure of Sensitive Information
CVSS 8.4
CVE-2015-5017 MEDIUM
IBM Maximo Asset Management 7.1-7.1.1.13, 7.5.0-7.5.0.8, 7.6.0-7.6.0.2 - Authenticated Access Control Bypass
CVSS 5.4
CVE-2015-1985 MEDIUM
IBM MQ Appliance M2000 < 8.0.0.4 - Unauthenticated Private Key Exposure via Stash File
CVSS 5.6
CVE-2015-6851 MEDIUM
RSA SecurID Web Agent < 7.2.1 - Authentication Bypass via DOM Inspector
CVSS 6.7
CVE-2015-1836 HIGH
IBM InfoSphere BigInsights 3.0-3.0.0.2 - Improper Access Control in ZooKeeper Coordination State
CVSS 7.3
CVE-2015-7055
tvOS < 9.1 - Arbitrary Code Execution via AppleMobileFileIntegrity Access Control Bypass
CVE-2015-6848
EMC Isilon OneFS 7.1.x < 7.1.1.5, 7.2.0.x < 7.2.0.3, 7.2.1.x < 7.2.1.1 - Authenticated Privilege Escalation
CVE-2015-5325
Jenkins <1.638, <1.625.2 - Auth Bypass
CVE-2015-7865
NVIDIA GPU <341.92, <354.35, <358.87 - Privilege Escalation
CVE-2015-5053
NVIDIA GPU Driver R346 < 346.87 and R352 < 352.41 (Linux) / < 352.46 (GRID) - Privilege Escalation
CVE-2015-7910
Exemys Telemetry Web Server - Auth Bypass
CVE-2015-6478
Unitronics VisiLogic OPLC IDE < 9.8.02 - Improper Access Control to ActiveX Controls
CVE-2015-6366
Cisco IOS 15.2(04)M6 and 15.4(03)S - Improper Access Control via Tunnel Interface Bypass
CVE-2015-8001
MediaWiki <1.23.11, <1.24.4, <1.25.3 - DoS
CVE-2015-7395
IBM Maximo Asset Management Access Control Bypass (7.1-7.1.1.13, 7.5.0 < 7.5.0.8 IFIX005, 7.6.0 < 7.6.0.2 FP002)
CVE-2015-7244
MobaXterm < 8.2 - Unauthenticated Remote Command Execution via X11 Connection
CVE-2015-6867
OpenText Vertica 7.1.1 - Unauthenticated Remote Code Execution via vertica-udx-zygote Process
CVE-2015-7899
Joomla! 3.x - Improper Access Control in com_content Component
CVE-2015-3971
Janitza UMG - Remote Code Execution
CVE-2015-7881
Colorbox module <7.x-2.10 - Auth Bypass
CVE-2015-6984
macOS < 10.11.1 - Arbitrary File Write via Symlink Attack
CVE-2015-4902 MEDIUM KEV
Oracle JDK and JRE - Improper Access Control
CVSS 5.3
CVE-2015-7184
Firefox < 41.0.1 - Same Origin Policy Bypass via Fetch API
CVE-2015-7369
Revive Adserver < 3.2.1 - Improper Access Control via Flash Cross-Domain Policy
CVE-2015-7367
Revive Adserver < 3.2.1 - Unauthenticated Session Persistence After User Deletion