CWE-284: Improper Access Control
4,238 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-284 (page 40 of 85)
- CVE-2024-20926 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-01-16
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle G…
- CVE-2024-20927 | HIGH | CVSS 8.6 | EG 8.6 | 2024-02-17
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with …
- CVE-2024-20929 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-02-17
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacke…
- CVE-2024-20931 | HIGH | CVSS 7.5 | EG 9.0 | 2024-02-17
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with …
- CVE-2024-20932 | HIGH | CVSS 7.5 | EG 7.5 | 2024-01-16
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.…
- CVE-2024-20936 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-01-16
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with n…
- CVE-2024-20938 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-01-16
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…
- CVE-2024-20948 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-01-16
Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with …
- CVE-2024-20951 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-02-17
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated atta…
- CVE-2024-20952 | HIGH | CVSS 7.4 | EG 7.4 | 2024-01-16
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 2…
- CVE-2024-20969 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-01-16
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with netw…
- CVE-2024-20992 | MEDIUM | CVSS 4.4 | EG 4.4 | 2024-04-16
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker wi…
- CVE-2024-21067 | HIGH | CVSS 8.8 | EG 8.8 | 2024-04-16
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged at…
- CVE-2024-21071 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-04-16
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker wi…
- CVE-2024-21074 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-16
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Finance LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with netwo…
- CVE-2024-21076 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-16
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network…
- CVE-2024-21084 | MEDIUM | CVSS 5.8 | EG 5.8 | 2024-04-16
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with n…
- CVE-2024-21091 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-16
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged…
- CVE-2024-21103 | HIGH | CVSS 7.8 | EG 7.8 | 2024-04-16
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infr…
- CVE-2024-21107 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-04-16
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the inf…
- CVE-2024-21110 | HIGH | CVSS 7.3 | EG 7.3 | 2024-04-16
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infr…
- CVE-2024-21112 | HIGH | CVSS 8.8 | EG 8.8 | 2024-04-16
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infr…
- CVE-2024-21113 | HIGH | CVSS 8.8 | EG 8.8 | 2024-04-16
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infr…
- CVE-2024-21114 | HIGH | CVSS 8.8 | EG 8.8 | 2024-04-16
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infr…
- CVE-2024-21115 | HIGH | CVSS 8.8 | EG 8.8 | 2024-04-16
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infr…
- CVE-2024-21132 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-07-16
Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Approvals). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access…
- CVE-2024-21145 | MEDIUM | CVSS 4.8 | EG 4.8 | 2024-07-16
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3…
- CVE-2024-21150 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-07-16
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.8.2. Easily exploitable vulnerability allows unauthenticated attacker wit…
- CVE-2024-21153 | HIGH | CVSS 8.1 | EG 8.1 | 2024-07-16
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). The supported version that is affected is 12.2.13. Easily exploitable vulnerability allows lo…
- CVE-2024-21169 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-07-16
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access …
- CVE-2024-21195 | HIGH | CVSS 7.6 | EG 7.6 | 2024-10-15
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged atta…
- CVE-2024-21247 | LOW | CVSS 3.8 | EG 3.8 | 2024-10-15
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privil…
- CVE-2024-21248 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-10-15
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows low privileged attacker …
- CVE-2024-21302 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-08-08
Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE f…
- CVE-2024-21364 | CRITICAL | CVSS 9.3 | EG 9.3 | 2024-02-13
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
- CVE-2024-21376 | CRITICAL | CVSS 9.0 | EG 9.0 | 2024-02-13
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
- CVE-2024-21401 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-02-13
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
- CVE-2024-21418 | HIGH | CVSS 7.8 | EG 7.8 | 2024-03-12
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
- CVE-2024-21424 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-09
Azure Compute Gallery Elevation of Privilege Vulnerability
- CVE-2024-21436 | HIGH | CVSS 7.8 | EG 7.8 | 2024-03-12
Windows Installer Elevation of Privilege Vulnerability
- CVE-2024-21483 | MEDIUM | CVSS 4.6 | EG 4.6 | 2024-03-12
A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA0…
- CVE-2024-21589 | HIGH | CVSS 7.4 | EG 7.4 | 2024-01-12
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configura…
- CVE-2024-21644 | HIGH | CVSS 7.5 | EG 9.0 | 2024-01-08
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0…
- CVE-2024-21653 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-01-30
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authen…
- CVE-2024-21665 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-01-11
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not …
- CVE-2024-21666 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-01-11
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate …
- CVE-2024-21667 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-01-11
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned…
- CVE-2024-21740 | HIGH | CVSS 7.4 | EG 7.4 | 2024-06-25
Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access Control.
- CVE-2024-21741 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-06-25
GigaDevice GD32E103C8T6 devices have Incorrect Access Control.
- CVE-2024-21767 | CRITICAL | CVSS 9.4 | EG 9.4 | 2024-03-01
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.