Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2021-07-15 CVE-2021-25320 Improper Access Control vulnerability in Rancher
A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID.
network
low complexity
rancher CWE-284
4.0
2021-07-07 CVE-2021-32514 Improper Access Control vulnerability in Qsan Storage Manager
Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device.
network
low complexity
qsan CWE-284
5.0
2021-07-07 CVE-2021-32517 Improper Access Control vulnerability in Qsan Storage Manager
Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function.
network
low complexity
qsan CWE-284
5.0
2021-07-06 CVE-2021-24405 Improper Access Control vulnerability in Izsoft Easy Cookies Policy
The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them.
network
low complexity
izsoft CWE-284
4.0
2021-06-28 CVE-2021-21083 Improper Access Control vulnerability in Adobe Experience Manager
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability.
network
low complexity
adobe CWE-284
5.0
2021-06-14 CVE-2021-24352 Improper Access Control vulnerability in Wpdeveloper Simple 301 Redirects
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.
6.8
2021-06-14 CVE-2021-24353 Improper Access Control vulnerability in Wpdeveloper Simple 301 Redirects
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects.
6.8
2021-06-14 CVE-2021-24355 Improper Access Control vulnerability in Wpdeveloper Simple 301 Redirects
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.
network
low complexity
wpdeveloper CWE-284
4.0
2021-06-14 CVE-2021-24356 Improper Access Control vulnerability in Wpdeveloper Simple 301 Redirects
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.
network
low complexity
wpdeveloper CWE-284
6.5
2021-06-14 CVE-2021-24359 Improper Access Control vulnerability in Posimyth the Plus Addons for Elementor
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site.
network
low complexity
posimyth CWE-284
5.0