← Back
CWE-284

5,090 CVEs • Abstraction: Pillar

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

JSON object

Loading...

CVEs (5,090)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-36913
1Redirection For Contact Form7
1Redirection For Contact Form 7
Nov 21, 2024
Oct 11, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requi...Show more
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe.Show less
CVE-2022-34431
1Dell
1Hybrid Client
Nov 21, 2024
Oct 11, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.
CVE-2022-38388
1Ibm
1Navigator Mobile
May 15, 2025
Oct 11, 2022
N/A· v4
5.5 MEDIUM· v3
N/A· v2
IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.
CVE-2022-39878
1Samsung
1Checkout
Nov 21, 2024
Oct 7, 2022
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.
CVE-2022-39877
1Samsung
1Group Sharing
Nov 21, 2024
Oct 7, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.
CVE-2022-39875
1Samsung
1Account
Nov 21, 2024
Oct 7, 2022
N/A· v4
4.4 MEDIUM· v3
N/A· v2
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
CVE-2022-39871
1Samsung
1Smartthings
Nov 21, 2024
Oct 7, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.
CVE-2022-39870
1Samsung
1Smartthings
Nov 21, 2024
Oct 7, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.
CVE-2022-39869
1Samsung
1Smartthings
Nov 21, 2024
Oct 7, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
CVE-2022-39868
1Samsung
1Smartthings
Nov 21, 2024
Oct 7, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
CVE-2022-39867
1Samsung
1Smartthings
Nov 21, 2024
Oct 7, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.
CVE-2022-39866
1Samsung
1Smartthings
Nov 21, 2024
Oct 7, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
CVE-2022-39865
1Samsung
1Smartthings
Nov 21, 2024
Oct 7, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
CVE-2022-39864
1Samsung
1Smartthings
Nov 21, 2024
Oct 7, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.
CVE-2022-39860
1Samsung
1Quick Share
Nov 21, 2024
Oct 7, 2022
N/A· v4
3.5 LOW· v3
N/A· v2
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.
CVE-2022-39857
1Samsung
1Factorycamerafb
Nov 21, 2024
Oct 7, 2022
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.
CVE-2022-39855
1Google
1Android
Nov 21, 2024
Oct 7, 2022
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices.
CVE-2022-39854
1Google
1Android
Nov 21, 2024
Oct 7, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
CVE-2022-39851
1Google
1Android
Nov 21, 2024
Oct 7, 2022
N/A· v4
3.3 LOW· v3
N/A· v2
Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission.
CVE-2022-39850
1Google
1Android
Nov 21, 2024
Oct 7, 2022
N/A· v4
3.3 LOW· v3
N/A· v2
Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.