CWE-284

Improper Access Control

Pillar · Incomplete

Description

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Related attack patterns (CAPEC)

CAPEC-19 · CAPEC-441 · CAPEC-478 · CAPEC-479 · CAPEC-502 · CAPEC-503 · CAPEC-536 · CAPEC-546 · CAPEC-550 · CAPEC-551 · CAPEC-552 · CAPEC-556 · CAPEC-558 · CAPEC-562 · CAPEC-563 · CAPEC-564 · CAPEC-578

CVEs mapped to this weakness (2,700)

  • CVE-2025-30132 · Critical · Mar 18, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept…

  • CVE-2025-1260 · Critical · Mar 4, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.

  • CVE-2025-1941 · Critical · Mar 4, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136.

  • CVE-2020-35546 · Critical · Feb 19, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.

  • CVE-2024-31967 · Critical · May 2, 2024
    risk 0.59 · cvss 9.1 · epss 0.00

    A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A…

  • CVE-2021-47155 · Critical · Mar 18, 2024
    risk 0.59 · cvss 9.1 · epss 0.01

    The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

  • CVE-2023-51786 · Critical · Mar 7, 2024
    risk 0.59 · cvss 9.1 · epss 0.01

    An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4 that allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control.

  • CVE-2016-9639 · Critical · Feb 7, 2017
    risk 0.59 · cvss 9.1 · epss 0.03

    Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.

  • CVE-2016-8325 · Critical · Jan 27, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows…

  • CVE-2016-5605 · Critical · Oct 25, 2016
    risk 0.59 · cvss 9.1 · epss 0.02

    Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.

  • CVE-2016-5599 · Critical · Oct 25, 2016
    risk 0.59 · cvss 9.1 · epss 0.02

    Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to MscObieeSrvlt.

  • CVE-2016-8565 · Critical · Oct 13, 2016
    risk 0.59 · cvss 9.1 · epss 0.03

    Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.

  • CVE-2015-1000009 · Critical · Oct 6, 2016
    risk 0.59 · cvss 9.1 · epss 0.02

    Open proxy in WordPress plugin google-adsense-and-hotel-booking v1.05.

  • CVE-2016-4694 · Critical · Sep 25, 2016
    risk 0.59 · cvss 9.1 · epss 0.01

    The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to…

  • CVE-2016-4501 · Critical · May 31, 2016
    risk 0.59 · cvss 9.1 · epss 0.02

    Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.

  • CVE-2016-0188 · High · May 11, 2016
    risk 0.59 · cvss 8.8 · epss 0.18

    The User Mode Code Integrity (UMCI) implementation in Device Guard in Microsoft Internet Explorer 11 allows remote attackers to bypass a code-signing protection mechanism via unspecified vectors, aka "Internet Explorer Security Feature Bypass."

  • CVE-2015-8361 · Critical · Feb 8, 2016
    risk 0.59 · cvss 9.1 · epss 0.03

    Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.

  • CVE-2026-46695 · Critical · Jun 10, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container; malicious code can…

  • CVE-2018-8088 · Critical · Mar 20, 2018
    risk 0.58 · cvss 9.8 · epss 0.15

    org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x…

  • CVE-2015-2692 · Critical · Jun 8, 2017
    risk 0.58 · cvss 10.0 · epss 0.02

    AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.