CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,363 vulnerabilities with CWE-284
CVE-2013-2972 HIGH
IBM WebSphere Cast Iron 6.3 - Auth Bypass
CVSS 7.5
CVE-2013-6272 HIGH
Google Android 4.1.1-4.4.2 - Unauthenticated Phone Call and USSD Code Execution via NotificationBroadcastReceiver
CVSS 7.8
CVE-2013-6739 MEDIUM
IBM SPSS Modeler < 16.0.0.0 - Authenticated Access Control Bypass via SSO Token
CVSS 5.4
CVE-2013-4246 HIGH
Apache Subversion 1.8.x - Authenticated Repository Corruption via Packed Revision Properties
CVSS 8.8
CVE-2013-7461 MEDIUM
McAfee MCC <6.1.0 - Privilege Escalation
CVSS 5.5
CVE-2013-7460 MEDIUM
McAfee MAC <6.1.0 - Privilege Escalation
CVSS 5.5
CVE-2013-7293
ASUS WL-330NUL - Configuration Traffic Hijacking via DNS Hostname Misconfiguration
CVE-2013-4316
Apache Struts 2.0.0-2.3.15.1 - Dynamic Method Invocation
CVE-2013-2175
Debian Linux - Improper Access Control
CVE-2013-4213
Red Hat JBoss Enterprise Application Platform 6.1.0 - Remote Session Hijacking via EJB Client API
CVE-2013-2423 LOW KEV
Oracle JRE - Improper Access Control
CVSS 3.7
CVE-2013-0422 CRITICAL KEV
Oracle JDK 7 - Remote Code Execution via JMX MBean Instantiator and Reflection API
CVSS 9.8
CVE-2012-4380 HIGH
MediaWiki < 1.18.5 and 1.19.x < 1.19.2 - GlobalBlocking Extension IP Address Blocking Bypass
CVSS 7.5
CVE-2012-4379 MEDIUM
MediaWiki < 1.18.5 and 1.19.x < 1.19.2 - Clickjacking via Missing X-Frame-Options Header
CVSS 6.5
CVE-2012-6689 HIGH
Linux Kernel < 3.5.5 - Unauthenticated Netlink Message Spoofing via dst_pid Field
CVSS 7.8
CVE-2012-6442 HIGH
Rockwell Automation EtherNet/IP Firmware - Denial of Service via Unauthorized CIP Message
CVSS 7.5
CVE-2012-6439
Rockwell Automation ControlLogix Controllers - Improper Access Control
CVE-2012-6435 HIGH
Rockwell Automation ControlLogix and GuardLogix < 20 - Denial of Service via CIP Message to Port 2222 or 44818
CVSS 7.5
CVE-2012-6068 CRITICAL
CODESYS Runtime System 2.3.x-2.4.x - Unauthenticated Remote Code Execution via TCP Listener Service
CVSS 9.8
CVE-2012-5076 CRITICAL KEV
Java Applet AverageRangeStatisticImpl Remote Code Execution
CVSS 9.8
CVE-2012-4681 CRITICAL KEV
Java 7 Applet Remote Code Execution
CVSS 9.8
CVE-2012-2351
Mahara <1.4.2 - Auth Bypass
CVE-2012-1723 CRITICAL KEV
Java Applet Field Bytecode Verifier Cache Remote Code Execution
CVSS 9.8
CVE-2012-2947
Asterisk Open Source <10.4.1 & Certified Asterisk <1.8.11-cert2 - DoS
CVE-2012-1327
Cisco IOS 12.3, 12.4, 15.0, 15.1 - Denial of Service via 802.11 Wireless Traffic