CWE-552

Files or Directories Accessible to External Parties

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product makes files or directories accessible to unauthorized actors, even though they should not be.

474 vulnerabilities with CWE-552
CVE-2021-1256 MEDIUM
Cisco Firepower Threat Defense < 6.4.0 - Authenticated Arbitrary File Write via CLI Directory Traversal
CVSS 6.0
CVE-2021-21429 MEDIUM
OpenAPI Generator <v5.1.0 - Info Disclosure
CVSS 4.0
CVE-2021-24154 MEDIUM
WordPress Plugin <2.6 - Info Disclosure
CVSS 4.9
CVE-2021-1434 MEDIUM
Cisco IOS XE SD-WAN - Privilege Escalation
CVSS 4.4
CVE-2021-21355 HIGH
TYPO3 <8.7.40, 9.5.25, 10.4.14, 11.1.1 - Info Disclosure
CVSS 8.6
CVE-2021-20253 MEDIUM
Ansible-Tower - Privilege Escalation
CVSS 6.7
CVE-2021-1361 CRITICAL
Cisco Nexus - File Management Service RCE
CVSS 9.8
CVE-2021-20182 HIGH
OpenShift Container Platform 4.4-4.4.33 - Privilege Escalation via Chrooted Build Container
CVSS 8.8
CVE-2020-37082 CRITICAL
webERP 4.15.1 - Unauthenticated Database Backup File Access
CVSS 9.8
CVE-2020-35340 HIGH
ExpertPDF <14.1.0 - Local File Inclusion
CVSS 7.5
CVE-2020-25351 MEDIUM
rConfig 3.9.5 - Authenticated Arbitrary File Read via configcompare.crud.php
CVSS 6.5
CVE-2020-22124 HIGH
joyplus-cms 1.6 - Sensitive Information Exposure in config.php
CVSS 7.5
CVE-2020-27368 MEDIUM
TOTOLINK-A702R-V1.0.0-B20161227.1023 - Info Disclosure
CVSS 5.5
CVE-2020-17519 HIGH KEV
Apache Flink JobManager Traversal
CVSS 7.5
CVE-2020-35658 MEDIUM
SpamTitan < 7.09 - Unauthenticated Backup Tampering via Unencrypted Backup Files
CVSS 5.3
CVE-2020-26549 HIGH
Aviatrix Controller <R5.4.1290 - Info Disclosure
CVSS 7.5
CVE-2020-1908 MEDIUM
WhatsApp <2.20.100 - Privilege Escalation
CVSS 4.6
CVE-2020-26183 MEDIUM
Dell EMC NetWorker <19.3.0.2 - Privilege Escalation
CVSS 6.8
CVE-2020-26182 MEDIUM
Dell EMC NetWorker <19.3.0.2 - Privilege Escalation
CVSS 6.8
CVE-2020-11642 HIGH
B&R SiteManager <9.2.620236042 - DoS
CVSS 7.7
CVE-2020-11641 HIGH
B&R SiteManager <9.2.620236042 - Info Disclosure
CVSS 7.7
CVE-2020-15224 MEDIUM
Open Enclave <0.12.0 - Info Disclosure
CVSS 6.8
CVE-2020-15175 HIGH
GLPI < 9.5.2 - Unauthenticated Arbitrary File Deletion and Information Disclosure via pluginimage.send.php
CVSS 7.4
CVE-2020-25636 MEDIUM
Ansible - Unauthenticated Arbitrary File Write via AWS SSM Connection Plugin
CVSS 6.6
CVE-2020-13953 MEDIUM
Apache Tapestry <5.5.0 - Info Disclosure
CVSS 5.3