Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2024-04-17 CVE-2023-43491 An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU).
network
low complexity
CWE-284
5.3
2024-04-17 CVE-2023-45209 An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU).
network
low complexity
CWE-284
5.3
2024-04-17 CVE-2023-45744 A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU).
network
low complexity
CWE-284
8.3
2024-04-15 CVE-2024-3777 The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.
network
low complexity
CWE-284
critical
9.8
2024-04-09 CVE-2023-1083 An unauthenticated remote attacker who is aware of an MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
network
low complexity
CWE-284
critical
9.8
2024-03-18 CVE-2024-20767 ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read.
network
low complexity
CWE-284
8.2
2024-03-13 CVE-2024-2412 The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.
network
low complexity
CWE-284
5.3
2024-03-12 CVE-2023-36554 Improper Access Control vulnerability in Fortinet FortiManager
An improper access control vulnerability in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, and 6.2 all versions allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
network
low complexity
fortinet CWE-284
critical
9.8
2024-03-12 CVE-2022-32257 Improper Access Control vulnerability in Siemens SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2).
network
low complexity
siemens CWE-284
critical
9.8
2024-02-05 CVE-2024-22202 Improper Access Control vulnerability in phpMyFAQ
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases.
network
low complexity
phpmyfaq CWE-284
6.5