Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-39259 1Dell 1Os Recovery Tool Nov 21, 2024 Nov 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading t...Show more Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. Show less
CVE-2023-31100 1Phoenixtech 1Securecore Technology Sep 25, 2025 Nov 15, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0.203 * from 4....Show more Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0.203 * from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before 4.5.0.138Show less
CVE-2023-41570 1Mikrotik 1Routeros Nov 21, 2024 Nov 14, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.
CVE-2023-39228 1Intel 1Unison Software Nov 21, 2024 Nov 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2023-39221 1Intel 1Unison Software Nov 21, 2024 Nov 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
CVE-2023-38411 1Intel 1Smart Campus Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-33872 1Intel 1Support Nov 21, 2024 Nov 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-32279 1Intel 1Connectivity Performance Suite Nov 21, 2024 Nov 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access.
CVE-2023-32204 1Intel 1One Boot Flash Update Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-29157 1Intel 1One Boot Flash Update Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28397 1Intel 1Aptio V Uefi Firmware Integrator Tools Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access.
CVE-2023-27879 1Intel 4Optane Memory H20 With Solid State Storage Firmware Optane Ssd 905p FirmwareOptane Ssd Dc P4800x Firmware+1 more Nov 21, 2024 Nov 14, 2023 N/A· v4 4.6 MEDIUM· v3 N/A· v2 Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2023-22448 1Intel 1Unison Software Nov 21, 2024 Nov 14, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.
CVE-2023-22285 1Intel 1Unison Software Nov 21, 2024 Nov 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2022-41689 1Intel 1In Band Manageability Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-41659 1Intel 1Unison Nov 21, 2024 Nov 14, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-38786 1Intel 1Battery Life Diagnostic Tool Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36396 1Intel 1Aptio V Uefi Firmware Integrator Tools Nov 21, 2024 Nov 14, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-36374 1Intel 1Aptio V Uefi Firmware Integrator Tools Nov 21, 2024 Nov 14, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-44248 1Fortinet 1Fortiedr Nov 21, 2024 Nov 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next...Show more An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service.Show less

Previous 1...145146147...255 Next