CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2023-20186 (HIGH, CVSS 8.0): Cisco IOS - Authenticated Improper Authorization via SCP Command Processing
CVE-2023-44125 (MEDIUM, CVSS 6.1): Personalized service - Privilege Escalation
CVE-2023-44123 (MEDIUM, CVSS 6.1): Bluetooth Setting < - Privilege Escalation
CVE-2023-42453 (LOW, CVSS 3.1): Synapse >=1.34.0 <1.93.0 - Improper Authorization via Forged Read Receipts
CVE-2023-28055 (HIGH, CVSS 8.8): Dell NetWorker 19.7 - Unauthenticated Improper Authorization via Command Manipulation
CVE-2023-0456 (HIGH, CVSS 7.4): APICast < 2.12.2 - Missing Authorization via OIDC Token Realm Mismatch
CVE-2023-0813 (HIGH, CVSS 7.5): Red Hat Network Observability - Unauthenticated Access via Loki authToken Misconfiguration
CVE-2023-33020 (HIGH, CVSS 7.5): Qualcomm 9206 LTE Firmware - Denial of Service via Invalid Channel in CSA IE
CVE-2023-33019 (HIGH, CVSS 7.5): Qualcomm 9206 LTE Firmware - Denial of Service via Invalid Channel in CSA IE
CVE-2023-28584 (HIGH, CVSS 7.5): Qualcomm WLAN Firmware - Denial of Service via Invalid Channel in CSA IE
CVE-2023-32678 (MEDIUM, CVSS 6.5): zulip_server < 7.3 - Improper Authorization
CVE-2023-38508 (MEDIUM, CVSS 6.5): Tuleap <14.11.99.28 & <14.10-6 & <14.11-3 - Info Disclosure
CVE-2023-3899 (HIGH, CVSS 7.8): subscription-manager - Privilege Escalation
CVE-2023-39403 (CRITICAL, CVSS 9.1): Huawei EMUI and HarmonyOS - Improper Authorization in installd Module
CVE-2023-39402 (CRITICAL, CVSS 9.1): Huawei EMUI and HarmonyOS - Path Traversal in installd Module
CVE-2023-39401 (CRITICAL, CVSS 9.1): Huawei EMUI and HarmonyOS - Path Traversal in installd Module
CVE-2023-39400 (CRITICAL, CVSS 9.1): Huawei EMUI and HarmonyOS - Path Traversal in installd Module
CVE-2023-39399 (CRITICAL, CVSS 9.1): Huawei EMUI and HarmonyOS - Improper Authorization in installd Module
CVE-2023-39398 (CRITICAL, CVSS 9.1): Huawei EMUI and HarmonyOS - Improper Authorization in installd Module
CVE-2023-28385 (HIGH, CVSS 8.2): Intel NUC Pro Software Suite < 2.0.0.9 - Privilege Escalation via Improper Authorization
CVE-2023-4243 (HIGH, CVSS 8.8): FULL - Customer < 2.2.3 - Authenticated Arbitrary File Upload via /install-plugin REST Route
CVE-2023-3957 (MEDIUM, CVSS 4.3): ACF Photo Gallery Field <= 1.9 - Authenticated Arbitrary User Meta Update via apg_profile_update
CVE-2023-36826 (HIGH, CVSS 7.7): Sentry 8.21.0-23.5.2 - Authenticated Improper Authorization via Debug/Artifact Bundle Download
CVE-2023-23568 (MEDIUM, CVSS 4.3): Gallagher Command Centre < 8.40.2216 - Authenticated Privilege Escalation via Personal Data Fields
CVE-2023-25074 (HIGH, CVSS 7.1): Gallagher Command Centre < 8.40.2216 - Authenticated Privilege Escalation via Competency Modification