CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2023-22428 HIGH
Command Centre <vEL8.80.1192 - Privilege Escalation
CVSS 7.6
CVE-2023-3805 HIGH
Four-faith Video Surveillance Management System < 2023-07-12 - Improper Authorization
CVSS 7.3
CVE-2023-32482 MEDIUM
Dell Wyse Management Suite < 4.0 - Authenticated Improper Authorization
CVSS 4.9
CVE-2023-3574 MEDIUM
pimcore/customer-data-framework <3.4.1 - Info Disclosure
CVSS 6.5
CVE-2023-25517 HIGH
NVIDIA GPU Display Driver < 11.13 - Improper Authorization in vGPU Plugin
CVSS 7.1
CVE-2023-36611 MEDIUM
Ovarro TBox Firmware < 1.50.598 - Improper Authorization via SSH Session Token Access
CVSS 6.5
CVE-2023-34460 MEDIUM
Tauri 1.4.0 - Improper Authorization via Filesystem Scope Check Regression
CVSS 4.8
CVE-2023-0837 MEDIUM
TeamViewer Remote 15.41-15.42.7 - Unauthenticated Improper Authorization in Local Device Settings
CVSS 6.6
CVE-2023-33142 MEDIUM
Microsoft SharePoint Server - Privilege Escalation
CVSS 6.5
CVE-2023-32022 HIGH
Windows Server Service - Privilege Escalation
CVSS 7.6
CVE-2023-1910 MEDIUM
Getwid - Gutenberg Blocks <1.8.3 - Info Disclosure
CVSS 4.3
CVE-2023-29152 MEDIUM
Vuforia Studio < 9.9 - Unauthenticated Arbitrary File Deletion via Filename Parameter
CVSS 6.2
CVE-2023-24476 LOW
PTC Vuforia Studio <= 9.9 - Authentication Bypass
CVSS 1.8
CVE-2023-30948 MEDIUM
Foundry Comments <2.249.0 - Info Disclosure
CVSS 6.5
CVE-2023-0584 MEDIUM
VK Blocks <= 1.57.0.5 - Authenticated Improper Authorization via REST update_options Function
CVSS 4.3
CVE-2023-0583 MEDIUM
VK Blocks <= 1.57.0.5 - Authenticated Improper Authorization via REST update_vk_blocks_options Function
CVSS 4.3
CVE-2023-34091 MEDIUM
Kyverno <1.10.0 - Privilege Escalation
CVSS 6.5
CVE-2023-32717 MEDIUM
Splunk Enterprise < 9.0.5, 8.2.11, 8.1.14 & Splunk Cloud < 9.0.2303.100 - Unauthorized Search Result Overwrite
CVSS 4.3
CVE-2023-32709 MEDIUM
Splunk < 9.0.5, 8.2.11, 8.1.14 & Splunk Cloud < 9.0.2303.100 - Unauthorized Access to Hashed Credentials
CVSS 4.3
CVE-2023-32707 HIGH
Splunk Enterprise <9.0.5 - Privilege Escalation
CVSS 8.8
CVE-2023-34219 MEDIUM
JetBrains TeamCity < 2023.05 - Improper Authorization via REST API
CVSS 4.3
CVE-2023-33189 CRITICAL
Pomerium < 0.17.4, 0.18.0-0.18.0, 0.19.0-0.19.1, 0.20.0, 0.21.0-0.21.3, 0.22.0-0.22.1 - Improper Authorization
CVSS 10.0
CVE-2023-33183 LOW
Nextcloud Calendar <4.2.3 - Info Disclosure
CVSS 2.6
CVE-2023-2950 HIGH
OpenEMR < 7.0.1 - Improper Authorization
CVSS 8.1
CVE-2023-2496 HIGH
Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Arbitrary File Upload
CVSS 7.1