CWE-284

5,090 CVEs • Abstraction: Pillar

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS
Vendors (1): Karmasis
Products (1): Infraskope Siem+
Updated: May 20, 2026
Published: Nov 18, 2022
CVSS: N/A (v4), 7.5 HIGH (v3), N/A (v2)
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed.

Vendors (1): Karmasis
Products (1): Infraskope Siem+
Updated: May 20, 2026
Published: Nov 16, 2022
CVSS: N/A (v4), 5.3 MEDIUM (v3), N/A (v2)
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modify logs.

Vendors (1): Cisco
Products (2): Firepower Services Software For Asa, Secure Firewall Management Center
Updated: Nov 26, 2024
Published: Nov 15, 2022
CVSS: N/A (v4), 7.5 HIGH (v3), N/A (v2)
A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed.

Vendors (1): Qualcomm
Products (67): Aqt1000 Firmware, Qca6390 Firmware, Qca6391 Firmware, +64 more
Updated: Apr 22, 2025
Published: Nov 15, 2022
CVSS: N/A (v4), 5.5 MEDIUM (v3), N/A (v2)
Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Vendors (1): Liferay
Products (2): Digital Experience Platform, Liferay Portal
Updated: Apr 30, 2025
Published: Nov 15, 2022
CVSS: N/A (v4), 4.3 MEDIUM (v3), N/A (v2)
The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.

Vendors (1): Intel
Products (26): Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf Firmware, Nuc 10 Performance Kit Nuc10i3fnhn Firmware, +23 more
Updated: Feb 5, 2025
Published: Nov 11, 2022
CVSS: N/A (v4), 7.8 HIGH (v3), N/A (v2)
Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.

Vendors (1): Intel
Products (5): Nuc 8 Compute Element Cm8ccb Firmware, Nuc 8 Compute Element Cm8i3cb Firmware, Nuc 8 Compute Element Cm8i5cb Firmware, +2 more
Updated: Feb 5, 2025
Published: Nov 11, 2022
CVSS: N/A (v4), 6.7 MEDIUM (v3), N/A (v2)
Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access.

Vendors (1): Owncloud
Products (1): Owncloud
Updated: May 1, 2025
Published: Nov 10, 2022
CVSS: N/A (v4), 5.3 MEDIUM (v3), N/A (v2)
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.

Vendors (1): Samsung
Products (1): Galaxywatch4plugin
Updated: Nov 21, 2024
Published: Nov 9, 2022
CVSS: N/A (v4), 3.3 LOW (v3), N/A (v2)
Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.

Vendors (1): Google
Products (1): Android
Updated: Nov 21, 2024
Published: Nov 9, 2022
CVSS: N/A (v4), 3.3 LOW (v3), N/A (v2)
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting.

Vendors (1): Google
Products (1): Android
Updated: Nov 21, 2024
Published: Nov 9, 2022
CVSS: N/A (v4), 3.3 LOW (v3), N/A (v2)
Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access Call information.

Vendors (1): Vmware
Products (1): Workspace One Assist
Updated: May 1, 2025
Published: Nov 9, 2022
CVSS: N/A (v4), 9.8 CRITICAL (v3), N/A (v2)
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Vendors (1): Amd
Products (1): Amd Link
Updated: May 1, 2025
Published: Nov 9, 2022
CVSS: N/A (v4), 7.5 HIGH (v3), N/A (v2)
Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.

Vendors (1): Huawei
Products (2): Emui, Harmonyos
Updated: May 1, 2025
Published: Nov 9, 2022
CVSS: N/A (v4), 9.8 CRITICAL (v3), N/A (v2)
The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.

Vendors (1): Amd
Products (3): Enterprise Driver, Radeon Pro Software, Radeon Software
Updated: May 1, 2025
Published: Nov 9, 2022
CVSS: N/A (v4), 7.8 HIGH (v3), N/A (v2)
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

Vendors (1): Inhandnetworks
Products (1): Inrouter302 Firmware
Updated: Nov 21, 2024
Published: Nov 9, 2022
CVSS: N/A (v4), 9.8 CRITICAL (v3), N/A (v2)
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.

Vendors (1): Mahara
Products (1): Mahara
Updated: May 2, 2025
Published: Nov 6, 2022
CVSS: N/A (v4), 7.5 HIGH (v3), N/A (v2)
In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.

Vendors (1): Ibm
Products (2): Infosphere Information Server, Infosphere Information Server On Cloud
Updated: May 5, 2025
Published: Nov 3, 2022
CVSS: N/A (v4), 6.5 MEDIUM (v3), N/A (v2)
"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427."

Vendors (1): Glpi Project
Products (1): Glpi
Updated: Nov 21, 2024
Published: Nov 3, 2022
CVSS: N/A (v4), 4.3 MEDIUM (v3), N/A (v2)
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script.

Vendors (1): Jetbrains
Products (1): Teamcity
Updated: Nov 21, 2024
Published: Nov 3, 2022
CVSS: N/A (v4), 5.3 MEDIUM (v3), N/A (v2)
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive.