Latest Improper Access Control Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-12-01 CVE-2020-7547 A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level. 0.0
2020-12-01 CVE-2020-7545 A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user accesses an affected webpage. 0.0
2020-11-19 CVE-2020-7573 Improper Access Control vulnerability in SE Webreports 1.9/3.1
A CWE-284: Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow a remote attacker to access restricted web resources due to improper access control.
network
low complexity
se CWE-284
6.4
2020-11-19 CVE-2020-7561 Improper Access Control vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.
network
low complexity
schneider-electric CWE-284
7.5
2020-11-12 CVE-2020-24441 Improper Access Control vulnerability in Adobe Acrobat Reader
Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application.
4.3
2020-11-05 CVE-2020-24433 Improper Access Control vulnerability in Adobe products
Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM.
network
adobe CWE-284
critical
9.3
2020-09-18 CVE-2020-15181 Improper Access Control vulnerability in Alfresco Reset Password
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision.
network
low complexity
alfresco CWE-284
critical
10
2020-09-17 CVE-2020-8028 Improper Access Control vulnerability in Suse Salt-Netapi-Client
An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE Manager.
local
low complexity
suse CWE-284
7.2
2020-07-28 CVE-2020-10930 Improper Access Control vulnerability in Netgear R6700 Firmware 1.0.4.84_10.0.58
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers.
low complexity
netgear CWE-284
3.3
2020-06-22 CVE-2020-4062 Improper Access Control vulnerability in Cyberark Conjur OSS Helm Chart
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port.
low complexity
cyberark CWE-284
7.7