Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2016-02-29 CVE-2016-0225 Improper Access Control vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-284
4.9
2016-02-21 CVE-2016-2275 Improper Access Control vulnerability in Advantech Vesp211-232 Firmware and Vesp211-Eu Firmware
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.
network
low complexity
advantech CWE-284
critical
9.8
2016-02-16 CVE-2015-7577 Improper Access Control vulnerability in Rubyonrails Ruby on Rails
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.
network
low complexity
rubyonrails CWE-284
5.3
2016-02-15 CVE-2015-2008 Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager
IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive.
network
high complexity
ibm CWE-284
4.4
2016-02-12 CVE-2016-1315 Improper Access Control vulnerability in Cisco Email Security Appliance Firmeware
The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338.
network
low complexity
cisco CWE-284
7.5
2016-02-08 CVE-2016-2048 Improper Access Control vulnerability in Djangoproject Django 1.9/1.9.1
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.
network
low complexity
djangoproject CWE-284
5.5
2016-02-08 CVE-2015-8361 Improper Access Control vulnerability in Atlassian Bamboo
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.
network
low complexity
atlassian CWE-284
critical
9.1
2016-02-07 CVE-2016-1302 Improper Access Control vulnerability in multiple products
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
network
low complexity
samsung sun zyxel zzinc cisco CWE-284
8.8
2016-02-07 CVE-2016-1301 Improper Access Control vulnerability in Cisco products
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.
network
low complexity
cisco CWE-284
8.8
2016-02-03 CVE-2016-1905 Improper Access Control vulnerability in Kubernetes
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
network
low complexity
kubernetes CWE-284
7.7