CWE-284: Improper Access Control
4,213 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-284 (page 19 of 85)
- CVE-2022-3186 | HIGH | CVSS 8.6 | EG 7.5 | 2022-12-21
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect dev…
- CVE-2022-32158 | CRITICAL | CVSS 9.0 | EG 10.0 | 2022-06-15
Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint …
- CVE-2022-32212 | HIGH | CVSS 8.1 | EG 8.1 | 2022-07-14
An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid befo…
- CVE-2022-32226 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-09-23
An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 because input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, …
- CVE-2022-32255 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized acces…
- CVE-2022-32256 | MEDIUM | CVSS 4.3 | EG 6.5 | 2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged use…
- CVE-2022-32257 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-03-12
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized acces…
- CVE-2022-32507 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-14
An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no acces…
- CVE-2022-32578 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-05-10
Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-32582 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-05-10
Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service vi…
- CVE-2022-3263 | HIGH | CVSS 7.8 | EG 7.8 | 2022-09-23
The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.
- CVE-2022-32783 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-09-23
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.
- CVE-2022-32789 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-09-23
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences.
- CVE-2022-32800 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-09-23
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.
- CVE-2022-32834 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-08-24
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.
- CVE-2022-32848 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-09-23
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to capture a user’s screen.
- CVE-2022-3286 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-10-17
Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token
- CVE-2022-32872 | LOW | CVSS 2.4 | EG 2.4 | 2022-09-20
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.
- CVE-2022-32880 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-09-20
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data.
- CVE-2022-32883 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-09-20
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.
- CVE-2022-32902 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-02-27
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.
- CVE-2022-32904 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-11-01
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.
- CVE-2022-32918 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-11-01
This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences.
- CVE-2022-32945 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-12-15
An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods.
- CVE-2022-32946 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-11-01
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
- CVE-2022-33243 | HIGH | CVSS 8.4 | EG 7.8 | 2023-02-12
Memory corruption due to improper access control in Qualcomm IPC.
- CVE-2022-3325 | LOW | CVSS 2.7 | EG 4.3 | 2022-10-17
Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules v…
- CVE-2022-3369 | HIGH | CVSS 8.6 | EG 5.5 | 2022-11-01
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue a…
- CVE-2022-33701 | LOW | CVSS 3.3 | EG 3.3 | 2022-07-12
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManager.goToSleep method which is protected by system permission by sending broadcast intent.
- CVE-2022-33706 | LOW | CVSS 2.4 | EG 2.4 | 2022-07-12
Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.
- CVE-2022-33714 | MEDIUM | CVSS 6.2 | EG 3.3 | 2022-08-05
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.
- CVE-2022-33720 | LOW | CVSS 2.4 | EG 2.4 | 2022-08-05
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.
- CVE-2022-33731 | MEDIUM | CVSS 5.1 | EG 7.1 | 2022-08-05
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.
- CVE-2022-33757 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-10-25
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized…
- CVE-2022-3382 | HIGH | CVSS 7.5 | EG 7.5 | 2022-10-17
HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition.
- CVE-2022-33924 | MEDIUM | CVSS 4.3 | EG 5.3 | 2022-08-10
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and create rules.
- CVE-2022-33925 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-08-10
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. A remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports con…
- CVE-2022-33926 | HIGH | CVSS 7.1 | EG 6.5 | 2022-08-10
Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked.
- CVE-2022-33931 | MEDIUM | CVSS 6.3 | EG 5.3 | 2022-08-10
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to Alert Classification page could potentially exploit this vulnerability, leading to the change the alert categ…
- CVE-2022-34255 | HIGH | CVSS 8.8 | EG 8.8 | 2022-08-16
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account cou…
- CVE-2022-34259 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-08-16
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnera…
- CVE-2022-34270 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-02-29
An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager.
- CVE-2022-3436 | MEDIUM | CVSS 6.3 | EG 7.5 | 2022-10-09
A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Handler. The manipulati…
- CVE-2022-34431 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-10-11
Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.
- CVE-2022-34453 | HIGH | CVSS 7.6 | EG 7.6 | 2023-08-03
Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.
- CVE-2022-34457 | HIGH | CVSS 7.3 | EG 7.8 | 2023-01-18
Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is a critical severity vulnerability as it allows no…
- CVE-2022-3458 | MEDIUM | CVSS 6.3 | EG 9.8 | 2022-10-12
A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler.…
- CVE-2022-34672 | HIGH | CVSS 7.8 | EG 7.8 | 2022-12-30
NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.
- CVE-2022-34827 | CRITICAL | CVSS 9.9 | EG 9.9 | 2022-11-18
Carel Boss Mini 1.5.0 has Improper Access Control.
- CVE-2022-34894 | LOW | CVSS 3.5 | EG 5.3 | 2022-07-01
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services