CWE-284 - Improper Access Control

Description

For providing necessary control and security, every system possesses a few protection mechanisms: authentication (user's personality acknowledging), authorization (assurance in user's access to resource), and accountability (activities reporting).
Problems with usage or even work ceasing of at least one of the mechanisms allow attackers to put the software at risk by gaining privileges, getting access to resources, executing commands, evading detection, etc.
There are 2 signs of problems with protection mechanisms:
1. Specification: Performing of activities carried out only by administrator or program became available for all the users.
2.Enforcement: Errors arisen in work of program lead to violations of set access control requirements (e.g. a user can define own priveleges or admit insecure activities himself.
The weakness is introduced during Operation, Architecture and Design and Implementation stages.

Latest vulnerabilities for CWE-284

Improper access control in ownCloud Android App 2024-04-25
Low Yes

Improper access control in ownCloud Infinite Scale 2024-04-25
Medium Yes

Improper access control in Advanced PWA module for Drupal 2024-04-25
Medium Yes

Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) 2024-04-25
Medium Yes

Multiple vulnerabilities in IBM Integration Designer 2024-04-23
High Yes

Multiple vulnerabilities in Peplink Smart Reader 2024-04-18
High Yes

Improper access control in Cisco IOS and IOS XE Software 2024-04-18
Medium Yes

Bamboo Data Center and Server update for Spring Security 2024-04-17
Medium Yes

Improper access control in Measuresoft ScadaPro 2024-04-17
Low No

Multiple vulnerabilities in IBM Sterling Order Management 2024-04-17
High Yes

References

Description of CWE-284 on Mitre website