Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK

2018-02-02 CVE-2016-0342 Improper Access Control vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access.
network, low complexity; ibm; CWE-284; 5.4

2018-02-01 CVE-2014-9504 Improper Access Control vulnerability in Open Atrium Project Open Atrium
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
network, low complexity; open-atrium-project; CWE-284; 7.5

2018-02-01 CVE-2014-3519 Improper Access Control vulnerability in Openvz Vzkernel 2.6.32
The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure.
local, low complexity; openvz; CWE-284; 6.5

2018-01-30 CVE-2016-6598 Improper Access Control vulnerability in BMC Track-It! 11.3/11.3.0.355/11.4
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010.
network, low complexity; bmc; CWE-284; critical 9.8

2018-01-12 CVE-2015-3888 Improper Access Control vulnerability in Jolla Sailfish OS
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL.
network, low complexity; jolla; CWE-284; 7.5

2018-01-10 CVE-2016-9722 Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network, high complexity; ibm; CWE-284; 4.2

2018-01-09 CVE-2017-15131 Improper Access Control vulnerability in multiple products
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy.
local, low complexity; freedesktop, redhat; CWE-284; 7.8

2017-12-29 CVE-2015-8008 Improper Access Control vulnerability in multiple products
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
network, low complexity; mediawiki, fedoraproject; CWE-284; 7.5

2017-12-29 CVE-2015-3302 Improper Access Control vulnerability in Thecartpress Ecommerce Shopping Cart
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
network, low complexity; thecartpress; CWE-284; 7.5

2017-10-31 CVE-2015-9245 Improper Access Control vulnerability in Progress Openedge
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.
network, low complexity; progress; CWE-284; critical 9.8