CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2023-40683 HIGH
IBM OpenPages with Watson <9.0 - Auth Bypass
CVSS 8.8
CVE-2023-6878 HIGH
Slick Social Share Buttons <2.4.11 - Info Disclosure
CVSS 8.8
CVE-2023-6496 MEDIUM
Manage Notification E-mails <= 1.8.5 - Unauthenticated Missing Authorization via card_famne_export_settings
CVSS 5.3
CVE-2023-40430 MEDIUM
macOS < 14.0 - Unauthorized Removable Volume Access
CVSS 5.5
CVE-2023-48252 HIGH
Bosch NEXO-OS 1000-1500-sp2 - Authenticated Improper Authorization via Crafted HTTP Requests
CVSS 8.8
CVE-2023-52139 CRITICAL
Misskey < 2023.12.1 - Improper Authorization via Incorrectly Specified Endpoints
CVSS 9.0
CVE-2023-50871 MEDIUM
JetBrains YouTrack < 2023.3.22268 - Improper Authorization for Inline Comments
CVSS 4.3
CVE-2023-41673 HIGH
Fortinet FortiADC <7.2.2 - Info Disclosure
CVSS 7.1
CVE-2023-6538 HIGH
SMU <14.8.7825.01 - Info Disclosure
CVSS 7.6
CVE-2023-5808 HIGH
Hitachi Vantara NAS SMU < 14.8.7825.01 - Authenticated Information Disclosure via URL Manipulation
CVSS 7.6
CVE-2023-48309 MEDIUM
next-auth < 4.24.5 - Improper Authorization via Middleware JWT Manipulation
CVSS 5.3
CVE-2023-48241 HIGH
XWiki Platform 6.3-milestone-2-14.10.15 - Unauthenticated Information Disclosure via Solr Search Suggestion Provider
CVSS 7.5
CVE-2023-30954 LOW
Gotham video-application-server < 2.206.1 - Race Condition in ACL Application
CVSS 2.7
CVE-2023-32662 MEDIUM
Intel Battery Life Diagnostic Tool < 2.2.1 - Privilege Escalation via Improper Authorization
CVSS 6.7
CVE-2023-28378 MEDIUM
Intel QuickAssist Technology Library - Improper Authorization
CVSS 6.7
CVE-2023-36633 MEDIUM
FortiMail <7.2.2, >7.0.4 - Auth Bypass
CVSS 5.4
CVE-2023-47109 MEDIUM
PrestaShop blockreassurance < 5.1.4 - Unauthenticated Arbitrary File Deletion via Block Manipulation
CVSS 5.5
CVE-2023-42541 MEDIUM
Samsung Push Service < 3.4.10 - Improper Authorization in PushClientProvider
CVSS 4.0
CVE-2023-28556 HIGH
Qualcomm 315 5G IoT Modem Firmware - Cryptographic Issue in HLOS Key Management
CVSS 7.1
CVE-2023-5948 MEDIUM
teamamaze/amazefileutilities < 1.90 - Improper Authorization
CVSS 5.5
CVE-2023-42491 HIGH
EisBaer Scada < 3.0.6433.1964 - Improper Authorization
CVSS 8.8
CVE-2023-5654 MEDIUM
React Developer Tools <= 4.28.4 - Browser-Mediated Arbitrary URL Fetch
CVSS 6.5
CVE-2023-38220 HIGH
Adobe Commerce <2.4.7-beta1-2.4.4-p5 - Auth Bypass
CVSS 7.5
CVE-2023-41841 HIGH
FortiOS 7.0.0-7.0.11 and 7.2.0-7.2.4 - Authenticated Improper Authorization
CVSS 8.1
CVE-2023-3037 HIGH
HelpDezk Community <1.1.10 - Info Disclosure
CVSS 8.6