CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2024-9082 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - Incorrect Privilege Assignment in User Creation Handler
CVSS 6.3
CVE-2024-43460 HIGH
Dynamics 365 Business Central - Authenticated Privilege Escalation
CVSS 8.1
CVE-2024-46942 MEDIUM
OpenDaylight Model-Driven Service Abstraction Layer <= 13.0.1 - Improper Authorization
CVSS 6.5
CVE-2024-6840 MEDIUM
Ansible Automation Controller - Privilege Escalation
CVSS 6.6
CVE-2024-20381 HIGH
Cisco Crosswork NSO/ConfD - Privilege Escalation
CVSS 8.8
CVE-2024-43482 MEDIUM
Microsoft Outlook for iOS < 4.2435.0 - Information Disclosure
CVSS 6.5
CVE-2024-38231 MEDIUM
Windows Remote Desktop Licensing Service - DoS
CVSS 6.5
CVE-2024-45044 HIGH
bareos 21.1.11 22.0.0-22.1.6 23.0.0-23.0.4 - Improper Authorization via Command Abbreviation Bypass
CVSS 8.8
CVE-2024-8509 HIGH
Red Hat Migration Toolkit for Virtualization 2.6 - Improper Authorization via Bearer Token Validation Bypass
CVSS 7.5
CVE-2024-20497 MEDIUM
Cisco Expressway Edge - Auth Bypass
CVSS 4.3
CVE-2024-42039 MEDIUM
Huawei EMUI and HarmonyOS - Improper Authorization in SystemUI Module
CVSS 4.3
CVE-2024-45307 HIGH
SudoBot <9.26.7 - Privilege Escalation
CVSS 8.8
CVE-2024-34463 MEDIUM
BPL Personal Weighing Scale PWS-01BT - Info Disclosure
CVSS 5.1
CVE-2024-5053 MEDIUM
Fluent Forms < 5.1.18 - Unauthorized Mailchimp API Key Update via Insufficient Capability Check
CVSS 4.2
CVE-2024-42490 HIGH
authentik < 2024.4.4, >=2024.6.0-rc1 < 2024.6.4 - Improper Authorization via API Endpoints
CVSS 7.5
CVE-2024-7851 MEDIUM
Yoga Class Registration System 1.0 - Improper Authorization in Add User Handler
CVSS 6.3
CVE-2024-6347 MEDIUM
Nissan Altima 2022 Blind Spot Detection Sensor ECU Firmware - Unauthenticated Denial of Service via UDS Session
CVSS 6.5
CVE-2024-7624 HIGH
Zephyr Project Manager <= 3.3.101 - Authenticated Privilege Escalation via update_user_access()
CVSS 8.1
CVE-2024-7799 MEDIUM
Simple Online Bidding System 1.0 - Improper Authorization in Admin Users Page
CVSS 5.3
CVE-2024-39419 MEDIUM
Adobe Commerce 2.4.7-p1/2.4.6-p6/2.4.5-p8/2.4.4-p9 and earlier - Security Feature Bypass via Improper Authorization
CVSS 4.3
CVE-2024-39418 MEDIUM
Adobe Commerce < 2.4.7-p1, < 2.4.6-p6, < 2.4.5-p8, < 2.4.4-p9 - Improper Authorization
CVSS 5.4
CVE-2024-39417 MEDIUM
Adobe Commerce < 2.4.3 - Improper Authorization
CVSS 4.3
CVE-2024-39416 MEDIUM
Adobe Commerce < 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 - Security Feature Bypass via Improper Authorization
CVSS 4.3
CVE-2024-39415 MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Security Feature Bypass via Improper Authorization
CVSS 4.3
CVE-2024-39413 MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Security Feature Bypass via Improper Authorization
CVSS 4.3