Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2016-02-01 CVE-2016-2049 Improper Access Control vulnerability in Janrain PHP-Openid
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the $_SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header.
network
low complexity
janrain CWE-284
8.8
2016-01-26 CVE-2016-1492 Improper Access Control vulnerability in Lenovo Shareit 3.0.18Ww
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
high complexity
lenovo CWE-284
6.1
2016-01-23 CVE-2015-6317 Improper Access Control vulnerability in Cisco Identity Services Engine Software
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
network
low complexity
cisco CWE-284
6.5
2016-01-09 CVE-2015-8512 Improper Access Control vulnerability in Mozilla Firefox OS
The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses.
low complexity
mozilla CWE-284
4.6
2016-01-09 CVE-2015-6933 Improper Access Control vulnerability in VMWare products
The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.
network
low complexity
vmware CWE-284
6.3
2016-01-08 CVE-2015-6862 Improper Access Control vulnerability in HP Ucmdb Browser 4.0.1
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
local
low complexity
hp CWE-284
8.4
2016-01-03 CVE-2015-5017 Improper Access Control vulnerability in IBM products
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
network
low complexity
ibm CWE-284
5.4
2016-01-03 CVE-2015-1985 Improper Access Control vulnerability in IBM MQ Appliance M2000 8.0.0.3
The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file.
local
high complexity
ibm CWE-284
5.6
2015-12-23 CVE-2015-6851 Improper Access Control vulnerability in RSA Securid web Agent
EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.
local
high complexity
rsa CWE-284
6.7
2015-12-21 CVE-2015-1836 Improper Access Control vulnerability in multiple products
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
network
low complexity
ibm apache CWE-284
7.3