CWE-285: Improper Authorization

Exploit likelihood: High

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,326 vulnerabilities with CWE-285
CVE-2024-13646 (HIGH, CVSS 8.1): Single-user-chat <= 0.5 - Authenticated Denial of Service via single_user_chat_update_login Function
CVE-2024-13694 (HIGH, CVSS 7.5): WooCommerce Wishlist < 1.8.7 - Unauthenticated Insecure Direct Object Reference via download_pdf_file()
CVE-2024-55954 (HIGH, CVSS 8.7): OpenObserve < 0.14.1 - Authenticated Privilege Escalation via User Removal Endpoint
CVE-2024-56323 (CRITICAL, CVSS 9.8): OpenFGA 1.3.8-1.8.2 - Authorization Bypass via Check API with Contextual Tuples
CVE-2024-13241 (CRITICAL, CVSS 9.1): Drupal Open Social < 12.0.5 - Info Disclosure
CVE-2024-56320 (HIGH, CVSS 8.8): GoCD < 24.5.0 - Authenticated Privilege Escalation via Configuration XML UI
CVE-2024-13109 (MEDIUM, CVSS 5.3): Yunfan Learning Examination System 1.9.2 - Improper Authorization in /doc.html
CVE-2024-56802 (HIGH): Tapir < 0.9.2 - Privilege Escalation
CVE-2024-13058 (MEDIUM): SoftIron HyperCloud < 2.5.0 - Privilege Escalation
CVE-2024-45805 (MEDIUM, CVSS 4.3): OpenCTI < 6.3.0 - Unauthenticated Information Disclosure via Support Information Endpoint
CVE-2024-45387 (CRITICAL, CVSS 9.9): Apache Traffic Control >= 8.0.0, <= 8.0.1 - SQL Injection
CVE-2024-12901 (MEDIUM, CVSS 5.3): FoxCMS < 1.2 - Improper Authorization via Site.php Password Argument
CVE-2024-56335 (HIGH, CVSS 7.6): vaultwarden < 1.32.7 - Authenticated Privilege Escalation and Denial of Service via Group Manipulation
CVE-2024-12782 (HIGH, CVSS 7.3): Fujifilm Business Innovation Apeos C3070-24.8.28 - Auth Bypass
CVE-2024-11768 (MEDIUM, CVSS 5.3): WordPress Download Manager < 3.3.03 - Info Disclosure
CVE-2024-51479 (HIGH, CVSS 7.5): Next.js 9.5.5-14.2.14 - Improper Authorization via Pathname-Based Middleware Bypass
CVE-2024-12483 (LOW, CVSS 3.7): Dromara UJCMS <= 9.6.3 - Authorization Bypass in User ID Handler
CVE-2024-43731 (MEDIUM, CVSS 4.3): Adobe Experience Manager < 6.5.22.0 and < 2024.11.0 - Security Feature Bypass via Improper Authorization
CVE-2024-43729 (MEDIUM, CVSS 6.5): Adobe Experience Manager < 6.5.22.0 and < 2024.11.0 - Security Feature Bypass via Improper Authorization
CVE-2024-12347 (MEDIUM, CVSS 5.3): Guangzhou Huayi Jeewms <= 1.0.0 - Unauthenticated Improper Authorization in Druid
CVE-2024-11860 (MEDIUM, CVSS 6.5): SourceCodester Best House Rental Management System 1.0 - Auth Bypass
CVE-2024-36467 (HIGH, CVSS 7.5): Zabbix 5.0.0-5.0.43 - Authenticated Privilege Escalation via user.update API Endpoint
CVE-2024-8676 (HIGH, CVSS 7.4): CRI-O < 1.29.11 - Improper Authorization via Checkpoint Restore
CVE-2024-10729 (HIGH, CVSS 8.8): Booking & Appointment Plugin < 6.9.0 - Info Disclosure
CVE-2024-52287 (HIGH, CVSS 7.2): authentik < 2024.8.5, < 2024.10.3 - Info Disclosure