CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,326 vulnerabilities with CWE-285

CVE-2024-48901 (MEDIUM, CVSS 4.3): Moodle < 4.1.14 - Improper Authorization in Report Schedule Access
CVE-2024-48897 (MEDIUM, CVSS 4.3): Moodle < 4.1.14 - Improper Authorization in RSS Feed Management
CVE-2024-11306 (MEDIUM, CVSS 5.3): Altenergy Power Control Software <20241108 - Auth Bypass
CVE-2024-38370 (MEDIUM, CVSS 5.3): GLPI 9.2.0-10.0.16 - Unauthenticated Document Download via API
CVE-2024-52528 (CRITICAL): Budget Control Gateway <1.5.2 - Auth Bypass
CVE-2024-43602 (CRITICAL, CVSS 9.9): Azure CycleCloud 8.0.0-8.6.4 - Remote Code Execution
CVE-2024-11073 (MEDIUM, CVSS 4.3): Hospital Management System 1.0 - Unauthenticated IDOR via Patient ID
CVE-2024-51525 (MEDIUM, CVSS 6.2): HarmonyOS - Improper Authorization in Clipboard Module
CVE-2024-10654 (MEDIUM, CVSS 5.3): TOTOLINK LR350 <= 9.3.5u.6369 - Authorization Bypass via authCode Parameter
CVE-2024-10598 (MEDIUM, CVSS 5.3): Tongda OA 11.2-11.6 - Missing Authorization in Annual Leave Handler
CVE-2024-48921 (LOW, CVSS 2.7): Kyverno < 1.13.0 - Improper Authorization via PolicyException Namespace Bypass
CVE-2024-9235 (HIGH, CVSS 8.8): Mapster WP Maps < 1.5.0 - Authenticated Privilege Escalation via Insufficient Capability Check
CVE-2024-9531 (MEDIUM, CVSS 4.3): MultiVendorX < 4.2.5 - Authenticated Arbitrary Vendor Deactivation Request via mvx_sent_deactivation_request
CVE-2024-47876 (HIGH, CVSS 8.8): Sakai 23.0-23.1 - Improper Authorization via Roleview User Type
CVE-2024-47165 (MEDIUM, CVSS 5.4): gradio < 5.0.0 - Improper Authorization via Null Origin CORS Bypass
CVE-2024-47084 (HIGH, CVSS 8.3): Gradio < 4.44.0 - Improper Authorization via CORS Origin Validation Bypass
CVE-2024-38129 (HIGH, CVSS 7.5): Windows Kerberos - Privilege Escalation
CVE-2024-38425 (MEDIUM, CVSS 6.1): Qualcomm WSA8835 Firmware - Information Disclosure via Implicit Broadcast
CVE-2024-47183 (HIGH, CVSS 8.1): Parse Server <6.5.9, <7.3.0 - Privilege Escalation
CVE-2024-20441 (MEDIUM, CVSS 5.7): Cisco Nexus Dashboard <3.2(1e) & Fabric Controller 12.0.0-12.2.2 Authenticated Info Disclosure via REST API
CVE-2024-20393 (HIGH, CVSS 8.8): Cisco Small Business RV340-345 - Privilege Escalation
CVE-2024-9297 (MEDIUM, CVSS 6.3): SourceCodester Online Railway Reservation System 1.0 - Missing Authorization in Admin Page Parameter
CVE-2024-20414 (MEDIUM, CVSS 6.5): Cisco IOS XE - Unauthenticated Cross-Site Request Forgery via HTTP GET Method
CVE-2024-9082 (MEDIUM, CVSS 6.3): SourceCodester Online Eyewear Shop 1.0 - Incorrect Privilege Assignment in User Creation Handler
CVE-2024-43460 (HIGH, CVSS 8.1): Dynamics 365 Business Central - Authenticated Privilege Escalation