VYPR

CWE-284

Improper Access Control

PillarIncomplete

Description

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-19 · CAPEC-441 · CAPEC-478 · CAPEC-479 · CAPEC-502 · CAPEC-503 · CAPEC-536 · CAPEC-546 · CAPEC-550 · CAPEC-551 · CAPEC-552 · CAPEC-556 · CAPEC-558 · CAPEC-562 · CAPEC-563 · CAPEC-564 · CAPEC-578

CVEs mapped to this weakness (2,700)

page 25 of 135
  • CVE-2026-33834HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-37526HigMay 1, 2026
    risk 0.51cvss 7.8epss 0.00

    AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The…

  • CVE-2026-35243HigApr 21, 2026
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the…

  • CVE-2026-27914HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.03

    Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26183HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.

  • CVE-2026-23856HigFeb 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this…

  • CVE-2025-43476HigNov 4, 2025
    risk 0.51cvss 7.8epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to break out of its sandbox.

  • CVE-2025-43407HigNov 4, 2025
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed with improved entitlements. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. An app may be able to break out of its sandbox.

  • CVE-2025-61156HigOct 29, 2025
    risk 0.51cvss 7.8epss 0.00

    Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary commands via an insecure IOCTL.

  • CVE-2025-10491HigSep 15, 2025
    risk 0.51cvss 7.8epss 0.00

    The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version…

  • CVE-2025-1865HigApr 4, 2025
    risk 0.51cvss 7.8epss 0.00

    The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM.

  • CVE-2025-24173HigMar 31, 2025
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.

  • CVE-2024-9157HigMar 11, 2025
    risk 0.51cvss 7.8epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to…

  • CVE-2024-40812HigJul 29, 2024
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission…

  • CVE-2022-26926HigMay 10, 2022
    risk 0.51cvss 7.8epss 0.03

    Windows Address Book Remote Code Execution Vulnerability

  • CVE-2018-10905HigJul 24, 2018
    risk 0.51cvss 7.8epss 0.00

    CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

  • CVE-2018-4858HigJul 9, 2018
    risk 0.51cvss 7.8epss 0.02

    A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All…

  • CVE-2013-6272HigMay 2, 2018
    risk 0.51cvss 7.8epss 0.01

    The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a…

  • CVE-2018-1168HigFeb 21, 2018
    risk 0.51cvss 7.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific…

  • CVE-2017-15131HigJan 9, 2018
    risk 0.51cvss 7.8epss 0.00

    It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.