The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1,328 vulnerabilities with CWE-285
CVE-2024-39412
MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Improper Authorization
CVSS 4.3
CVE-2024-39411
MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Security Feature Bypass via Improper Authorization
CVSS 4.3
CVE-2024-39407
MEDIUM
Adobe Commerce < 2.4.3 - Improper Authorization
CVSS 4.3
CVE-2024-39405
MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Security Feature Bypass via Improper Authorization
CVSS 4.3
CVE-2024-39404
MEDIUM
Adobe Commerce < 2.4.3 - Improper Authorization
CVSS 4.3
CVE-2024-6384
MEDIUM
MongoDB Enterprise <6.0.16-7.3.3 - Info Disclosure
CVSS 5.3
CVE-2024-42036
LOW
Huawei EMUI and HarmonyOS - Improper Authorization in Notepad Module
CVSS 2.5
CVE-2024-42032
MEDIUM
Huawei EMUI and HarmonyOS - Improper Authorization in Contacts Module
CVSS 4.4
CVE-2024-7578
HIGH
Alien Technology ALR-F800 Firmware <= 19.10.24 - Improper Authorization via cmd.php cmd Argument
CVSS 7.3
CVE-2024-36130
CRITICAL
EPMM <12.1.0.1 - Privilege Escalation
CVSS 9.8
CVE-2024-41962
MEDIUM
Bostr < 3.0.10 - Improper Authorization via noscraper Bypass
CVSS 4.6
CVE-2024-40814
HIGH
macOS Sonoma <14.6 - Info Disclosure
CVSS 7.1
CVE-2024-40807
MEDIUM
macOS < 12.7.6, < 13.6.8, < 14.6 - Unprotected User Data Exposure via Shortcut Actions
CVSS 5.5
CVE-2024-40783
MEDIUM
macOS < 12.7.6, < 13.6.8, < 14.6 - Privacy Preferences Bypass via Data Container Access
CVSS 5.5
CVE-2024-41670
HIGH
PrestaShop <6.4.2, <3.18.1 - Info Disclosure
CVSS 7.5
CVE-2024-21179
MEDIUM
MySQL Server < 8.0.37 - Authenticated Denial of Service in InnoDB
CVSS 4.9
CVE-2024-21166
MEDIUM
MySQL Server 8.0.0-8.0.36 and 8.3.0 - Authenticated Unauthorized Data Modification and Denial of Service in InnoDB
CVSS 5.9
CVE-2024-21159
MEDIUM
MySQL Server < 8.0.36 and 8.3.0 - Authenticated Denial of Service in InnoDB
CVSS 4.9
CVE-2024-21137
MEDIUM
MySQL Server < 8.0.35 and 8.2.0 - Denial of Service in Optimizer
CVSS 4.9
CVE-2024-36438
HIGH
eLinkSmart Hidden Smart Cabinet Lock <2024-05-22 - Privilege Escala...
CVSS 7.3
CVE-2024-30061
HIGH
Microsoft Dynamics 365 (On-Premises) - Info Disclosure
CVSS 7.3
CVE-2024-39597
HIGH
SAP Commerce HY_COM 2205 and COM_CLOUD 2211 - Improper Authorization via Forgotten Password Functionality
CVSS 7.2
CVE-2024-6375
MEDIUM
MongoDB <5.0.22-6.0.11-7.0.3 - Privilege Escalation
CVSS 5.4
CVE-2024-38371
HIGH
authentik < 2024.2.4 - Improper Access Control in OAuth2 Device Code Flow
CVSS 8.6
CVE-2024-37282
HIGH
Elastic Cloud Enterprise 3.0.0-3.7.1 - Improper Authorization via API Key Privilege Escalation
CVSS 8.1
Details
Vulnerabilities: 1,328
Exploit Likelihood: High