Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-1284 A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. 0.0
2021-05-06 CVE-2021-1515 A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. 0.0
2021-04-23 CVE-2021-22682 Improper Access Control vulnerability in Hornerautomation Cscape
Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access.
local
low complexity
hornerautomation CWE-284
4.6
2021-04-22 CVE-2021-24238 Improper Access Control vulnerability in Purethemes Findeo and Realteo
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the property requested for deletion belongs to the user making the request, allowing any authenticated user to delete arbitrary properties by tampering with the property_id parameter.
network
low complexity
purethemes CWE-284
4.0
2021-04-16 CVE-2020-9668 Improper Access Control vulnerability in Adobe Genuine Service
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access Control vulnerability when handling symbolic links.
network
adobe CWE-284
6.8
2021-04-14 CVE-2021-27258 This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. 0.0
2021-04-13 CVE-2021-21399 Improper Access Control vulnerability in Ampache
Ampache is a web-based audio/video streaming application and file manager.
network
low complexity
ampache CWE-284
5.0
2021-04-12 CVE-2021-24219 The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. 0.0
2021-04-12 CVE-2021-24215 An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. 0.0
2021-04-12 CVE-2021-24198 Improper Access Control vulnerability in Tms-Outsource Wpdatatables
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control.
network
low complexity
tms-outsource CWE-284
5.5