Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-30288

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-08 Apr, 2025 | 20:02
Updated At-18 Apr, 2025 | 17:53
Rejected At-
Credits

ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:08 Apr, 2025 | 20:02
Updated At:18 Apr, 2025 | 17:53
Rejected At:
▼CVE Numbering Authority (CNA)
ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed.

Affected Products
Vendor
Adobe Inc.Adobe
Product
ColdFusion
Default Status
affected
Versions
Affected
  • From 0 through 2025.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-284Improper Access Control (CWE-284)
Type: CWE
CWE ID: CWE-284
Description: Improper Access Control (CWE-284)
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html
vendor-advisory
Hyperlink: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:08 Apr, 2025 | 20:15
Updated At:21 Apr, 2025 | 18:33

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Primary3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CPE Matches
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2021
cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Secondarypsirt@adobe.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: psirt@adobe.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.htmlpsirt@adobe.com
Vendor Advisory
Hyperlink: https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html
Source: psirt@adobe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

97Records found
CVE-2021-21083
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.84%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 13:41
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager broken access control in DSRPReindexServlet could lead to denial-of-service

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_manager_cloud_serviceexperience_managerExperience Manager
CWE ID-CWE-284
Improper Access Control
CVE-2021-21020
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.04%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:29
Updated-16 Sep, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Magento Commerce Improper Access Control Vulnerability

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.

Action-Not Available
Vendor-magentoAdobe Inc.
Product-magentoMagento Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2014-0578
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.36% / 57.64%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-49546
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-2.4||LOW
EPSS-0.05% / 15.21%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 20:49
Updated-15 Jul, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially disrupt the availability of the application. Exploitation of this issue does not require user interaction and scope is unchanged. The vulnerable component is restricted to internal IP addresses.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-284
Improper Access Control
CVE-2025-46889
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 16.95%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 22:18
Updated-16 Jun, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager | Improper Access Control (CWE-284)

Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized elevated access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-284
Improper Access Control
CVE-2025-43563
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.1||CRITICAL
EPSS-0.09% / 27.21%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 20:49
Updated-15 Jul, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-284
Improper Access Control
CVE-2025-43586
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.1||HIGH
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 16:08
Updated-23 Jun, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elevated access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commerce_b2bcommercemagentoAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2016-1044
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||CRITICAL
EPSS-6.12% / 90.42%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1062, and CVE-2016-1117.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2020-10145
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.87%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 20:55
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-30281
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.1||CRITICAL
EPSS-1.00% / 76.11%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 20:02
Updated-15 Jul, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-284
Improper Access Control
CVE-2025-27207
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 16:08
Updated-11 Jul, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2025-27206
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.36%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 16:08
Updated-23 Jun, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commerce_b2bcommercemagentoAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2025-27190
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.81%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 20:17
Updated-23 Jun, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commerce_b2bcommercemagentoAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2015-3116
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.35% / 56.88%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3125, and CVE-2015-5116.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-27191
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.81%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 20:17
Updated-20 May, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2023-38206
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 27.03%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 07:40
Updated-27 Feb, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Access Control (CWE-284)

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-284
Improper Access Control
CVE-2023-38205
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-94.30% / 99.94%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 07:40
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-08-10||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
ColdFusion Bypass - Vulnerability disclosure in ColdFusion | BYPASS CVE-2023-29298

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusionColdFusion
CWE ID-CWE-284
Improper Access Control
CVE-2025-24423
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.74%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:37
Updated-16 Apr, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to modify select data. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2025-24435
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.18%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:37
Updated-27 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commerce_b2bcommercemagentoAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2025-24422
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:37
Updated-16 Apr, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2025-24427
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.66%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:37
Updated-17 Apr, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commercecommerce_b2bmagentoAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2025-24429
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-3.5||LOW
EPSS-0.05% / 15.30%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:37
Updated-16 Apr, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2025-24424
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.37%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:37
Updated-16 Apr, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2025-24411
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.1||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:37
Updated-16 Apr, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2025-24426
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:37
Updated-16 Apr, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-45133
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-2.7||LOW
EPSS-0.15% / 35.85%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 09:58
Updated-11 Oct, 2024 | 22:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-45122
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.00%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 09:57
Updated-10 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-45149
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-2.7||LOW
EPSS-0.15% / 36.05%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 09:57
Updated-12 Dec, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-45129
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.09%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 09:57
Updated-11 Oct, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-45135
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-2.7||LOW
EPSS-0.20% / 41.94%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 09:57
Updated-11 Oct, 2024 | 22:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-54038
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG+0.01%
Published-10 Dec, 2024 | 20:42
Updated-15 Jan, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Connect | Improper Access Control (CWE-284)

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-connectAdobe Connect
CWE ID-CWE-284
Improper Access Control
CVE-2024-45118
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.98%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 09:57
Updated-10 Oct, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-43716
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG+0.01%
Published-10 Dec, 2024 | 22:03
Updated-15 Jan, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager | Improper Access Control (CWE-284)

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-284
Improper Access Control
CVE-2021-40699
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.4||HIGH
EPSS-0.23% / 45.37%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 12:54
Updated-04 Sep, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion CFIDE Improper Access Control Leads To Privilege Escalation

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusioncoldfusion
CWE ID-CWE-284
Improper Access Control
CVE-2021-28579
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.35%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 14:13
Updated-23 Apr, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Connect improper access control could lead to privilege escalation

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.

Action-Not Available
Vendor-Adobe Inc.
Product-connectConnect
CWE ID-CWE-284
Improper Access Control
CVE-2022-34255
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-0.73% / 71.81%
||
7 Day CHG+0.07%
Published-16 Aug, 2022 | 19:45
Updated-23 Apr, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce Improper Access Control Privilege escalation

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform an account takeover for a victim. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-magentoAdobe Inc.
Product-magentocommerceMagento Commerce
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-34259
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.32%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 19:46
Updated-23 Apr, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce Improper Access Control Security feature bypass

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-magentoAdobe Inc.
Product-magentocommerceMagento Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-45124
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 09:58
Updated-11 Oct, 2024 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerceadobe_commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-45121
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.98%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 09:58
Updated-10 Oct, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-45130
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.09%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 09:57
Updated-11 Oct, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-43717
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG+0.01%
Published-10 Dec, 2024 | 22:05
Updated-15 Jan, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager | Improper Access Control (CWE-284)

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-284
Improper Access Control
CVE-2020-9668
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.86% / 74.11%
||
7 Day CHG~0.00%
Published-16 Apr, 2021 | 17:10
Updated-17 Sep, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AGSService program mishandling symbolic links

Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsgenuine_servicemacosGoCart
CWE ID-CWE-284
Improper Access Control
CVE-2024-38310
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.29%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:18
Updated-13 Feb, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Graphics Driver software installers
CWE ID-CWE-284
Improper Access Control
CVE-2023-22293
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.51%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-12 May, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-core_i7-6920hqthunderbolt_dch_drivercore_i9-9900kscore_i5-9600core_i7-7700kcore_i7-8705gcore_i5-9500ecore_i7-8665ucore_i3-6100ucore_i3-8300tcore_i7-7660ucore_i7-6600ucore_i7-8706gcore_i3-6300core_i3-9100fcore_i5-6585rcore_i3-6006ucore_i7-9750hfcore_i7-9700kfcore_i3-6167ucore_i5-8500bcore_i5-8400hcore_i5-8269ucore_i7-8700core_i3-6157ucore_i3-6300tcore_i5-9500core_i5-8400core_i5-7y54core_i3-7100tcore_i7-7700tcore_i3-9100ecore_i7-8086kcore_i7-6500ucore_i7-9700core_i7-6770hqcore_i5-8257ucore_i3-6320core_i5-9400fcore_i7-6700kcore_i7-8700kcore_i7-9850hcore_i9-9880hcore_i9-9900kfcore_i5-7287ucore_i5-7440eqcore_m3-7y32core_i3-8145ucore_i5-7442eqcore_i7-6822eqcore_i5-8279ucore_i7-6700tecore_i5-6400tcore_i3-7020ucore_i5-9300hfcore_i5-6300ucore_i3-7100ucore_i7-9700tecore_i3-8109ucore_i7-8565ucore_i3-7101tecore_i7-7600ucore_i3-7350kcore_i5-7600kcore_m5-6y57core_i5-8250ucore_i3-7100ecore_i3-7300core_i5-7300hqcore_i7-7560ucore_i7-9700tcore_i3-6098pcore_i7-7820eqcore_i3-6100hcore_i7-9850hlcore_i5-8259ucore_m5-6y54core_i5-7360ucore_i3-9100hlcore_i5-6442eqcore_i9-9900core_i5-6600kcore_i5-6500core_i5-9600kcore_i7-7700hqcore_i3-9350kfcore_i5-8400bcore_i5-6600core_i5-6200ucore_i3-8140ucore_m3-8100ycore_i7-6700hqcore_i7-7820hkcore_i3-8100hcore_i7-9700ecore_i7-6870hqcore_i5-6350hqcore_i7-6785rcore_i3-9100tecore_i7-6970hqcore_i7-6820hkcore_i5-7600tcore_i5-8350ucore_i7-9700fcore_i5-7300ucore_i5-8600core_i7-7500ucore_i7-8550ucore_i5-8500tcore_i7-9700kcore_i5-7500core_i3-6102ecore_i3-9100tcore_i5-6402pcore_i5-8260ucore_i3-8100core_i5-6400core_i5-6600tcore_i3-9300tcore_i7-6650ucore_m7-6y75core_i5-7200ucore_i5-9300hcore_m3-6y30core_i9-8950hkcore_i7-8850hcore_i3-7130ucore_i7-7700core_i3-7167ucore_i3-6100tcore_i7-7920hqcore_i3-7102ecore_i5-9400hcore_i7-6820eqcore_i7-7567ucore_i7-8500ycore_i5-8600kcore_i9-9900tcore_i5-8400tcore_i7-8750hcore_i5-6500tecore_i5-8365ucore_i7\+8700core_i7-7820hqcore_i5-9600kfcore_i5-8210ycore_i7-6660ucore_m3-7y30core_i3-9350kcore_i5-7600core_i3-7300tcore_i3-6100ecore_i5-8365uecore_i7-8665uecore_i5-6685rcore_i3-7100hcore_i3-8300core_i5-8200ycore_i3-9300core_i7-6567ucore_i5-7400tcore_i3-6100core_i3-7101ecore_i5-8310ycore_i9-9900kcore_i3-7100core_i7-8809gcore_i3-8145uecore_i5-8500core_i5-9500tecore_i5-7440hqcore_i5-6360ucore_i5-7260ucore_i7-8700bcore_i7-8709gcore_i5-6287ucore_i7-8569ucore_i5-7267ucore_i5-8265ucore_i5-9400core_i5-6267ucore_i3-8100tcore_i5-6300hqcore_i7-9750hcore_i5-6500tcore_i5-6260ucore_i5-6440hqcore_i7-7y75core_i7-8557ucore_i3-8100bcore_i5-9400tcore_i5-9600tcore_i7-6560ucore_i5-9500tcore_i7-6700core_i5-7y57core_i5-9500fcore_i3-9320core_i3-8350kcore_i5-6440eqcore_i5-8300hcore_i7-6820hqcore_i7-8700tcore_i5-8600tcore_i5-7500tcore_i5-8305gcore_i5-7400core_i7-9850hecore_i7-8559ucore_i9-9980hkcore_i3-9100core_i7-8650ucore_i3-6100tecore_i3-8130ucore_i3-7320core_i7-6700tIntel(R) Thunderbolt(TM) DCH drivers for Windows
CWE ID-CWE-284
Improper Access Control
CVE-2024-32483
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7||HIGH
EPSS-0.02% / 4.17%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:12
Updated-15 Nov, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) EMA softwareema_software
CWE ID-CWE-284
Improper Access Control
CVE-2024-23681
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.2||HIGH
EPSS-0.26% / 49.01%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:51
Updated-04 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Artemis Java Test Sandbox Libary Load Escape

Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.

Action-Not Available
Vendor-ls1intum
Product-artemis_java_test_sandbox
CWE ID-CWE-284
Improper Access Control
CVE-2022-40207
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.53%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_usage_reportIntel(R) SUR software
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • Next
Details not found