Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-21083

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-28 Jun, 2021 | 13:41
Updated At-16 Sep, 2024 | 16:23
Rejected At-
Credits

Adobe Experience Manager broken access control in DSRPReindexServlet could lead to denial-of-service

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:28 Jun, 2021 | 13:41
Updated At:16 Sep, 2024 | 16:23
Rejected At:
▼CVE Numbering Authority (CNA)
Adobe Experience Manager broken access control in DSRPReindexServlet could lead to denial-of-service

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user.

Affected Products
Vendor
Adobe Inc.Adobe
Product
Experience Manager
Versions
Affected
  • From unspecified through 6.3.3.8 (custom)
  • From unspecified through 6.4.8.3 (custom)
  • From unspecified through 6.5.7.0 (custom)
  • From unspecified through AEM Cloud Service (custom)
Problem Types
TypeCWE IDDescription
CWECWE-284Improper Access Control (CWE-284)
Type: CWE
CWE ID: CWE-284
Description: Improper Access Control (CWE-284)
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpx.adobe.com/security/products/experience-manager/apsb21-15.html
x_refsource_MISC
Hyperlink: https://helpx.adobe.com/security/products/experience-manager/apsb21-15.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpx.adobe.com/security/products/experience-manager/apsb21-15.html
x_refsource_MISC
x_transferred
Hyperlink: https://helpx.adobe.com/security/products/experience-manager/apsb21-15.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:28 Jun, 2021 | 14:15
Updated At:21 Oct, 2022 | 20:02

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Adobe Inc.
adobe
>>experience_manager>>Versions up to 6.3.3.8(inclusive)
cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>experience_manager>>Versions from 6.4.0.0(inclusive) to 6.4.8.4(exclusive)
cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>experience_manager>>Versions from 6.5.0.0(inclusive) to 6.5.8.0(exclusive)
cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>experience_manager_cloud_service>>-
cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-284Secondarypsirt@adobe.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: psirt@adobe.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://helpx.adobe.com/security/products/experience-manager/apsb21-15.htmlpsirt@adobe.com
Vendor Advisory
Hyperlink: https://helpx.adobe.com/security/products/experience-manager/apsb21-15.html
Source: psirt@adobe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

176Records found
CVE-2021-32514
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.58%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 14:11
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QSAN Storage Manager - Improper Access Control Following via FirwareUpgrade function

Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.

Action-Not Available
Vendor-qsanQSAN
Product-storage_managerStorage Manager
CWE ID-CWE-284
Improper Access Control
CVE-2021-26338
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.97%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 17:53
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7282_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7302epyc_7413_firmwareepyc_7h12_firmwareepyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7343_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7313pepyc_7313epyc_7663_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532epyc_73f32nd Gen AMD EPYC™3rd Gen AMD EPYC™
CWE ID-CWE-284
Improper Access Control
CVE-2021-26733
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.68%
||
7 Day CHG~0.00%
Published-24 Oct, 2022 | 00:00
Updated-07 May, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
spx_restservice FirstReset_handler_func Broken Access Control

A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Action-Not Available
Vendor-lannerincLanner Inc
Product-iac-ast2500a_firmwareiac-ast2500aIAC-AST2500A
CWE ID-CWE-284
Improper Access Control
CVE-2023-52105
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.60%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 09:24
Updated-27 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOSharmonyos
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CVE-2023-39228
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.72%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-284
Improper Access Control
CVE-2015-8523
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-1.56% / 80.75%
||
7 Day CHG~0.00%
Published-04 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-32470
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.21% / 42.76%
||
7 Day CHG+0.03%
Published-28 Apr, 2025 | 09:07
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated change of IP adress

A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device.

Action-Not Available
Vendor-SICK AG
Product-SICK FLX0-GPNT100SICK FLX3-CPUC200
CWE ID-CWE-284
Improper Access Control
CVE-2023-3273
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.17%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 09:31
Updated-12 Nov, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.

Action-Not Available
Vendor-SICK AG
Product-icr890-4icr890-4_firmwareICR890-4icr890-4
CWE ID-CWE-284
Improper Access Control
CVE-2025-29448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.57%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 00:00
Updated-09 Jul, 2025 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.

Action-Not Available
Vendor-easyappointmentsn/a
Product-easy\!appointmentsn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-6323
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.13% / 77.48%
||
7 Day CHG~0.00%
Published-07 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.

Action-Not Available
Vendor-n/aGNUFedora ProjectopenSUSE
Product-fedoraopensuseglibcn/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-22285
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.21%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-284
Improper Access Control
CVE-2022-45431
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.23%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDahua Technology Co., Ltd
Product-linux_kerneldhi-dss4004-s2_firmwaredss_expressdss_professionaldhi-dss4004-s2dhi-dss7016d-s2dhi-dss7016dr-s2_firmwaredhi-dss7016dr-s2dhi-dss7016d-s2_firmwareDSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2
CWE ID-CWE-284
Improper Access Control
CVE-2019-5036
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.40%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 21:08
Updated-04 Aug, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability.

Action-Not Available
Vendor-n/aGoogle LLC
Product-nest_cam_iq_indoor_firmwarenest_cam_iq_indoorNest Labs
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-346
Origin Validation Error
CVE-2019-1763
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.34% / 79.19%
||
7 Day CHG~0.00%
Published-22 Mar, 2019 | 20:05
Updated-19 Nov, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone 8800 Series Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8821-ex_firmwareip_phone_8821ip_conference_phone_8832_firmwareip_phone_8800ip_conference_phone_8832ip_phone_8821_firmwareip_phone_8821-exip_phone_8800_firmwareCisco Wireless IP Phone 8821 and 8821-EXCisco IP Conference Phone 8832 and the rest of the IP Phone 8800 Series
CWE ID-CWE-284
Improper Access Control
CVE-2016-7054
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-16.50% / 94.64%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ChaCha20/Poly1305 heap-buffer-overflow

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.

Action-Not Available
Vendor-OpenSSL
Product-opensslOpenSSL
CWE ID-CWE-284
Improper Access Control
CVE-2016-7952
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.86% / 74.13%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.

Action-Not Available
Vendor-n/aFedora ProjectX.Org Foundation
Product-libxtstfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-284
Improper Access Control
CVE-2024-30418
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 08:19
Updated-13 Mar, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-284
Improper Access Control
CVE-2016-5736
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 80.27%
||
7 Day CHG~0.00%
Published-19 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_link_controllerbig-ip_websafebig-ip_edge_gatewaybig-ip_protocol_security_modulebig-ip_wan_optimization_managerbig-ip_application_acceleration_managerbig-ip_analyticsbig-ip_application_security_managerbig-ip_global_traffic_managerbig-ip_webacceleratorbig-ip_domain_name_systembig-ip_advanced_firewall_managerbig-ip_local_traffic_managerbig-ip_policy_enforcement_managerbig-ip_access_policy_managern/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5023
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.10% / 83.36%
||
7 Day CHG~0.00%
Published-26 Aug, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_link_controllerbig-ip_access_policy_managerbig-ip_edge_gatewaybig-ip_wan_optimization_managerbig-ip_application_acceleration_managerbig-ip_analyticsbig-ip_application_security_managerbig-ip_global_traffic_managerbig-ip_webacceleratorbig-ip_domain_name_systembig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_protocol_security_modulen/a
CWE ID-CWE-284
Improper Access Control
CVE-2021-42359
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-1.45% / 79.96%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 19:44
Updated-14 Feb, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion

WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by sending an AJAX request with the “action” parameter set to “admin-dismiss-unsubscribe” and the “id” parameter set to the post to be deleted. Sending such a request would move the post to the trash, and repeating the request would permanently delete the post in question.

Action-Not Available
Vendor-legalweblegalweb
Product-wp_dsgvo_toolsWP DSGVO Tools (GDPR)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2016-0319
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.86%
||
7 Day CHG~0.00%
Published-25 Nov, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Action-Not Available
Vendor-n/aIBM Corporation
Product-jazz_reporting_servicen/a
CWE ID-CWE-284
Improper Access Control
CVE-2024-37993
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.15% / 36.66%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-18 Sep, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_reader_rf650r_fcc_firmwaresimatic_reader_rf680r_cmiitsimatic_rf1170r_firmwaresimatic_reader_rf650r_cmiit_firmwaresimatic_reader_rf685r_fccsimatic_reader_rf650r_aribsimatic_reader_rf615r_etsi_firmwaresimatic_rf360rsimatic_reader_rf680r_fccsimatic_reader_rf610r_fccsimatic_reader_rf610r_etsi_firmwaresimatic_reader_rf685r_arib_firmwaresimatic_reader_rf615r_cmiitsimatic_rf186c_firmwaresimatic_reader_rf685r_fcc_firmwaresimatic_rf188c_firmwaresimatic_reader_rf680r_cmiit_firmwaresimatic_reader_rf685r_etsisimatic_rf185csimatic_rf360r_firmwaresimatic_rf1140r_firmwaresimatic_rf186cisimatic_rf1140rsimatic_rf188csimatic_reader_rf610r_cmiit_firmwaresimatic_reader_rf610r_fcc_firmwaresimatic_rf185c_firmwaresimatic_reader_rf615r_fccsimatic_reader_rf680r_etsisimatic_reader_rf615r_fcc_firmwaresimatic_reader_rf680r_fcc_firmwaresimatic_reader_rf610r_etsisimatic_reader_rf685r_cmiit_firmwaresimatic_reader_rf680r_arib_firmwaresimatic_rf186ci_firmwaresimatic_rf166c_firmwaresimatic_rf188ci_firmwaresimatic_reader_rf650r_fccsimatic_reader_rf650r_cmiitsimatic_reader_rf685r_cmiitsimatic_rf166csimatic_reader_rf680r_aribsimatic_rf1170rsimatic_reader_rf650r_etsisimatic_reader_rf610r_cmiitsimatic_reader_rf650r_arib_firmwaresimatic_reader_rf680r_etsi_firmwaresimatic_reader_rf615r_etsisimatic_reader_rf650r_etsi_firmwaresimatic_rf186csimatic_reader_rf685r_aribsimatic_reader_rf615r_cmiit_firmwaresimatic_reader_rf685r_etsi_firmwaresimatic_rf188ciSIMATIC Reader RF650R ARIBSIMATIC Reader RF650R ETSISIMATIC Reader RF680R CMIITSIMATIC Reader RF615R ETSISIMATIC RF166CSIMATIC Reader RF685R CMIITSIMATIC RF185CSIMATIC Reader RF610R CMIITSIMATIC Reader RF685R ETSISIMATIC Reader RF615R CMIITSIMATIC RF188CISIMATIC Reader RF610R ETSISIMATIC Reader RF685R FCCSIMATIC Reader RF615R FCCSIMATIC RF186CSIMATIC RF360RSIMATIC Reader RF680R ARIBSIMATIC RF1140RSIMATIC Reader RF685R ARIBSIMATIC RF1170RSIMATIC Reader RF680R ETSISIMATIC RF188CSIMATIC Reader RF610R FCCSIMATIC Reader RF650R CMIITSIMATIC RF186CISIMATIC Reader RF680R FCCSIMATIC Reader RF650R FCC
CWE ID-CWE-284
Improper Access Control
CVE-2024-31964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.89%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 00:00
Updated-02 Aug, 2024 | 01:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service.

Action-Not Available
Vendor-n/aMitel Networks Corp.
Product-n/a6970_conference_unit6900w_series_sip_phone6800_series_sip_phones
CWE ID-CWE-284
Improper Access Control
CVE-2016-7946
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.42% / 60.87%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.

Action-Not Available
Vendor-n/aFedora ProjectX.Org Foundation
Product-fedoralibxin/a
CWE ID-CWE-284
Improper Access Control
CVE-2024-25736
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.79% / 90.94%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 00:00
Updated-28 May, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.

Action-Not Available
Vendor-wyrestormn/awyrestorm
Product-apollo_vx20_firmwareapollo_vx20n/aapollo_vx20
CWE ID-CWE-284
Improper Access Control
CVE-2024-43477
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-19.50% / 95.18%
||
7 Day CHG+2.34%
Published-23 Aug, 2024 | 01:14
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Entra ID Elevation of Privilege Vulnerability

Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.

Action-Not Available
Vendor-Microsoft Corporation
Product-entra_idMicrosoft Entra
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found