CWE-284: Improper Access Control
4,215 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-284 (page 25 of 85)
- CVE-2023-21445 | MEDIUM | CVSS 5.5 | EG 7.8 | 2023-02-09
Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows a local attacker to write a file with MyFiles privilege via implicit intent.
- CVE-2023-21447 | MEDIUM | CVSS 4.0 | EG 3.3 | 2023-02-09
Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allow local attackers to access information with Samsung Cloud's privilege via implicit intent.
- CVE-2023-21457 | MEDIUM | CVSS 4.1 | EG 8.1 | 2023-03-16
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send a file via Bluetooth without the related permission.
- CVE-2023-21463 | MEDIUM | CVSS 4.0 | EG 3.3 | 2023-03-16
Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Inte…
- CVE-2023-21465 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-03-16
Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models allows untrusted applications to access local files.
- CVE-2023-21488 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-05-04
Improper access control vulnerability in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.
- CVE-2023-21490 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-05-04
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.
- CVE-2023-21491 | HIGH | CVSS 8.5 | EG 8.5 | 2023-05-04
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.
- CVE-2023-21493 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-05-04
Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.
- CVE-2023-21495 | MEDIUM | CVSS 4.0 | EG 4.0 | 2023-05-04
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allows an attacker to install the KSP app when device admin is set.
- CVE-2023-21518 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-06-28
Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.
- CVE-2023-21531 | HIGH | CVSS 7.0 | EG 7.0 | 2023-01-10
Azure Service Fabric Container Elevation of Privilege Vulnerability
- CVE-2023-2159 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-06-09
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default set…
- CVE-2023-21642 | HIGH | CVSS 8.4 | EG 8.4 | 2023-05-02
Memory corruption in HAB Memory management due to broad system privileges via physical address.
- CVE-2023-21670 | HIGH | CVSS 7.8 | EG 7.8 | 2023-06-06
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
- CVE-2023-21673 | HIGH | CVSS 8.7 | EG 8.7 | 2023-10-03
Improper Access to the VM resource manager can lead to Memory Corruption.
- CVE-2023-21717 | HIGH | CVSS 8.8 | EG 8.8 | 2023-02-14
Microsoft SharePoint Server Elevation of Privilege Vulnerability
- CVE-2023-21742 | HIGH | CVSS 8.8 | EG 8.8 | 2023-01-10
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2023-21750 | HIGH | CVSS 7.1 | EG 7.1 | 2023-01-10
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-21751 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-12-14
Azure DevOps Server Spoofing Vulnerability
- CVE-2023-21752 | HIGH | CVSS 7.1 | EG 7.1 | 2023-01-10
Windows Backup Service Elevation of Privilege Vulnerability
- CVE-2023-21777 | HIGH | CVSS 8.7 | EG 8.7 | 2023-02-14
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
- CVE-2023-21828 | HIGH | CVSS 8.1 | EG 8.1 | 2023-01-18
Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privile…
- CVE-2023-2183 | MEDIUM | CVSS 4.1 | EG 4.1 | 2023-06-06
Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a…
- CVE-2023-21832 | HIGH | CVSS 8.8 | EG 8.8 | 2023-01-18
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged atta…
- CVE-2023-21846 | HIGH | CVSS 8.8 | EG 8.8 | 2023-01-18
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged atta…
- CVE-2023-21849 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-18
Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with networ…
- CVE-2023-21850 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-18
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated at…
- CVE-2023-21851 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-18
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with…
- CVE-2023-21852 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-18
Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network …
- CVE-2023-21853 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-18
Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Synchronization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker wi…
- CVE-2023-21854 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-18
Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Core Components). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with netw…
- CVE-2023-21855 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-18
Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticate…
- CVE-2023-21857 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-18
Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Automated Test Suite). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated atta…
- CVE-2023-21860 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-01-18
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31 and prior. Difficult to exploi…
- CVE-2023-21893 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-18
Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS…
- CVE-2023-21894 | HIGH | CVSS 7.3 | EG 7.3 | 2023-01-18
Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vul…
- CVE-2023-21901 | HIGH | CVSS 7.4 | EG 7.4 | 2024-01-16
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.…
- CVE-2023-21905 | MEDIUM | CVSS 6.1 | EG 6.1 | 2023-04-18
Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Routing Hub). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability all…
- CVE-2023-21922 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-04-18
Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Difficult to exploit vulnerability allow…
- CVE-2023-21923 | HIGH | CVSS 8.3 | EG 8.3 | 2023-04-18
Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows …
- CVE-2023-21968 | LOW | CVSS 3.7 | EG 3.7 | 2023-04-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enter…
- CVE-2023-21969 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-04-18
Vulnerability in Oracle SQL Developer (component: Installation). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL …
- CVE-2023-21980 | HIGH | CVSS 7.1 | EG 7.1 | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker wit…
- CVE-2023-21985 | HIGH | CVSS 7.7 | EG 7.7 | 2023-04-18
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure whe…
- CVE-2023-22014 | HIGH | CVSS 8.4 | EG 8.4 | 2023-07-18
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon …
- CVE-2023-2202 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-04-21
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
- CVE-2023-22102 | HIGH | CVSS 8.3 | EG 8.3 | 2023-10-17
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via m…
- CVE-2023-22232 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-02-17
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrit…
- CVE-2023-22250 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-03-27
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the …