VYPR

CWE-284

Improper Access Control

Abstraction: Pillar · Status: Incomplete

Description

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-19 · CAPEC-441 · CAPEC-478 · CAPEC-479 · CAPEC-502 · CAPEC-503 · CAPEC-536 · CAPEC-546 · CAPEC-550 · CAPEC-551 · CAPEC-552 · CAPEC-556 · CAPEC-558 · CAPEC-562 · CAPEC-563 · CAPEC-564 · CAPEC-578

CVEs mapped to this weakness (2,700)

page 51 of 135
  • CVE-2024-32044 · Medium · Nov 13, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2024-29077 · Medium · Nov 13, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Improper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-47976 · Medium · Oct 7, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access.

  • CVE-2024-39934 · High · Jul 4, 2024
    risk 0.44 · cvss 7.8 · epss 0.00

    Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment.

  • CVE-2024-21828 · Medium · May 16, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-34404 · Medium · May 3, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a…

  • CVE-2023-4107 · Medium · Aug 11, 2023
    risk 0.44 · cvss 6.7 · epss 0.00

    Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.

  • CVE-2022-24731 · Medium · Mar 23, 2022
    risk 0.44 · cvss 6.8 · epss 0.01

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files…

  • CVE-2018-15371 · Medium · Oct 5, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has…

  • CVE-2018-0428 · Medium · Aug 15, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper…

  • CVE-2009-5151 · Medium · May 11, 2018
    risk 0.44 · cvss 6.7 · epss 0.01

    The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of…

  • CVE-2009-5150 · Medium · May 11, 2018
    risk 0.44 · cvss 6.7 · epss 0.01

    Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's inter-partition space.…

  • CVE-2018-4844 · Medium · Mar 20, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to…

  • CVE-2016-6338 · Medium · Apr 20, 2017
    risk 0.44 · cvss 6.8 · epss 0.01

    ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.

  • CVE-2016-4031 · Medium · Apr 13, 2017
    risk 0.44 · cvss 6.8 · epss 0.01

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands…

  • CVE-2016-4030 · Medium · Apr 13, 2017
    risk 0.44 · cvss 6.8 · epss 0.01

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the…

  • CVE-2016-8793 · Medium · Apr 2, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before…

  • CVE-2016-10065 · High · Mar 3, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-8633 · Medium · Nov 28, 2016
    risk 0.44 · cvss 6.8 · epss 0.02

    drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.

  • CVE-2016-5610 · Medium · Oct 25, 2016
    risk 0.44 · cvss 6.8 · epss 0.00

    Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.