CWE-284: Improper Access Control
low-riskThe product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Abstraction: Pillar
Common Consequences
Other
→
Varies by Context
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2023-23752 | 5.3 | 94.5% | Y |
| CVE-2023-24489 | 9.8 | 94.4% | Y |
| CVE-2019-1653 | 7.5 | 94.4% | Y |
| CVE-2019-2729 | 9.8 | 94.4% | — |
| CVE-2020-8193 | 6.5 | 94.4% | Y |
| CVE-2024-27348 | 9.8 | 94.3% | Y |
| CVE-2023-26360 | 8.6 | 94.3% | Y |
| CVE-2023-29298 | 7.5 | 94.3% | Y |
| CVE-2023-27350 | 9.8 | 94.3% | Y |
| CVE-2023-38205 | 7.5 | 94.2% | Y |
6
/ 100
low-risk
Active Threat
5/50 · Minimal
Exploit Availability
1/50 · Minimal