Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-4169 1Ruijie 1Rg Ew1200g Firmware Nov 21, 2024 Aug 5, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Passw...Show more A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2022-34453 1Dell 1Xtremio X2 Firmware Nov 21, 2024 Aug 3, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled...Show more Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default. Show less
CVE-2023-37478 1Pnpm 1Pnpm Nov 21, 2024 Aug 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can res...Show more pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via npm being replaced with a compromised or malicious version when installed via pnpm. This issue has been patched in version(s) 7.33.4 and 8.6.8.Show less
CVE-2022-43702 1Arm 6Arm Compiler Arm Compiler For Embedded FusaArm Compiler For Functional Safety+3 more Feb 13, 2025 Jul 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.
CVE-2023-3786 1Aures 1Komet Firmware Nov 21, 2024 Jul 20, 2023 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to laun...Show more A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability.Show less
CVE-2023-22014 1Oracle 1Peoplesoft Enterprise Peopletools Nov 21, 2024 Jul 18, 2023 N/A· v4 8.4 HIGH· v3 N/A· v2 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated a...Show more Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).Show less
CVE-2023-37267 1Umbraco 1Umbraco Cms Nov 21, 2024 Jul 13, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
CVE-2023-29298 1Adobe 1Coldfusion Oct 23, 2025 Jul 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker...Show more Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.Show less
CVE-2023-33155 1Microsoft 7Windows 10 1809 Windows 10 21h2Windows 10 22h2+4 more Nov 21, 2024 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-29130 1Siemens 2Simatic Cn 4100 Simatic Cn 4100 Firmware Feb 18, 2026 Jul 11, 2023 N/A· v4 10.0 CRITICAL· v3 N/A· v2 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain adm...Show more A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control.Show less
CVE-2023-24490 1Citrix 2Linux Virtual Delivery Agent Virtual Apps And Desktops Nov 21, 2024 Jul 10, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Users with only access to launch VDA applications can launch an unauthorized desktop
CVE-2023-24489 1Citrix 1Sharefile Storage Zones Controller Feb 26, 2026 Jul 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zo...Show more A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.Show less
CVE-2023-24486 1Citrix 1Workspace Nov 21, 2024 Jul 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who...Show more A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.Show less
CVE-2023-3273 1Sick 1Icr890 4 Firmware Jun 1, 2026 Jul 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access contr...Show more Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.Show less
CVE-2023-3271 1Sick 1Icr890 4 Firmware Jun 1, 2026 Jul 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints.
CVE-2023-35940 1Glpi Project 1Glpi Nov 21, 2024 Jul 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Ver...Show more GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue.Show less
CVE-2023-35939 1Glpi Project 1Glpi Nov 21, 2024 Jul 5, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), a...Show more GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue.Show less
CVE-2023-34107 1Glpi Project 1Glpi Nov 21, 2024 Jul 5, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access t...Show more GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for this issue.Show less
CVE-2023-34106 1Glpi Project 1Glpi Nov 21, 2024 Jul 5, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows acce...Show more GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch.Show less
CVE-2023-21518 1Samsung 1Searchwidget Nov 21, 2024 Jun 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.

Previous 1...153154155...255 Next