CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2024-21035 MEDIUM
Oracle Complex Maintenance, Repair, and Overhaul 12.2.3-12.2.13 - Unauthenticated Improper Authorization in LOV
CVSS 6.1
CVE-2024-21031 MEDIUM
Oracle Complex Maintenance, Repair, and Overhaul 12.2.3-12.2.13 - Unauthenticated Improper Authorization in LOV
CVSS 6.1
CVE-2024-21026 MEDIUM
Oracle Complex Maintenance 12.2.3-12.2.13 - Unauthenticated Improper Authorization via LOV
CVSS 6.1
CVE-2024-21018 MEDIUM
Oracle Complex Maintenance, Repair, and Overhaul 12.2.3-12.2.13 - Unauthenticated Improper Authorization
CVSS 6.1
CVE-2024-3027 MEDIUM
Smart Slider 3 <3.5.1.22 - Info Disclosure
CVSS 6.4
CVE-2024-1289 MEDIUM
LearnPress - WordPress LMS Plugin <4.2.6.3 - Info Disclosure
CVSS 6.5
CVE-2024-26193 MEDIUM
Azure Migrate < 6.1.294.1003 - Remote Code Execution
CVSS 6.4
CVE-2024-3434 MEDIUM
CP Plus Wi-Fi Camera <20240401 - Auth Bypass
CVSS 5.4
CVE-2024-30260 LOW
undici < 5.28.4 - Improper Authorization via Uncleared Headers in undici.request()
CVSS 3.9
CVE-2024-3139 MEDIUM
SourceCodester Computer Laboratory Management System 1.0 - Improper Authorization in Users.php save_users Function
CVSS 5.4
CVE-2024-3013 MEDIUM
FLIR AX8 Firmware < 1.46.16 - Improper Authorization via User Registration
CVSS 6.3
CVE-2024-0077 HIGH
NVIDIA Virtual GPU Manager - Privilege Escalation
CVSS 7.8
CVE-2024-20333 MEDIUM
Cisco Catalyst Center - Auth Bypass
CVSS 4.3
CVE-2024-27916 HIGH
Minder < 0.0.33 - Improper Authorization via Repository Endpoint Access
CVSS 7.1
CVE-2024-29033 HIGH
jupyter/oauthenticator < 16.3.0 - Improper Authorization via GoogleOAuthenticator.hosted_domain
CVSS 7.5
CVE-2024-2641 MEDIUM
Ruijie RG-NBS2009G-P <20240305 - Auth Bypass
CVSS 5.3
CVE-2024-27937 MEDIUM
GLPI 10.0.0-10.0.12 - Authenticated Email Address Disclosure
CVSS 6.5
CVE-2024-27930 MEDIUM
GLPI 0.78-10.0.12 - Authenticated Sensitive Data Exposure via Item Field Access
CVSS 6.5
CVE-2024-2557 MEDIUM
kishor-23 Food Waste Management System 1.0 - Improper Authorization in /admin/admin.php
CVSS 5.3
CVE-2024-21761 MEDIUM
FortiPortal 7.0.0-7.0.6 and 7.2.0 - Improper Authorization via Request Payload Modification
CVSS 4.3
CVE-2024-2317 LOW
Bdtask Hospital AutoManager < 2024-02-27 - Improper Authorization in Prescription Page
CVSS 3.8
CVE-2024-25063 HIGH
Hikvision HikCentral Professional <= 2.5.1 - Improper Authorization
CVSS 7.5
CVE-2024-24900 MEDIUM
Dell Secure Connect Gateway - Auth Bypass
CVSS 5.8
CVE-2024-1043 MEDIUM
Ampforwp Accelerated Mobile Pages < 1.0.93.2 - Missing Authorization
CVSS 6.5
CVE-2024-20943 MEDIUM
Oracle Knowledge Management 12.2.3-12.2.13 - Improper Authorization via HTTP
CVSS 5.4