CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2023-28623 MEDIUM
Zulip < 6.2 - Unauthenticated Account Creation via LDAP Authentication Bypass
CVSS 6.5
CVE-2023-2782 MEDIUM
Acronis Cyber Infrastructure < 5.3.1-38 - Sensitive Information Disclosure
CVSS 5.5
CVE-2023-20184 MEDIUM
Cisco Catalyst Center < 2.2.3.5 - Authenticated Arbitrary Command Execution in Restricted Container
CVSS 5.4
CVE-2023-20183 MEDIUM
Cisco DNA Center - Privilege Escalation
CVSS 5.4
CVE-2023-20182 MEDIUM
Cisco DNA Center - Privilege Escalation
CVSS 5.4
CVE-2023-22348 MEDIUM
Checkmk <2.1.0p28, <2.2.0b8 - Privilege Escalation
CVSS 4.3
CVE-2023-28325 MEDIUM
Rocket.Chat < 6.0.0 - Improper Authorization via rid Parameter Manipulation
CVSS 6.5
CVE-2023-28318 MEDIUM
Rocket.Chat - Message Deletion Bypass via Message Hiding
CVSS 5.3
CVE-2023-28317 MEDIUM
Rocket.Chat - Message Timestamp Manipulation via Edit Function
CVSS 5.3
CVE-2023-29338 MEDIUM
Visual Studio Code < 1.78.1 - Spoofing
CVSS 6.6
CVE-2023-2534 HIGH
OTRS 8.0.0-8.0.31 - Authenticated Improper Authorization via Websocket API
CVSS 7.6
CVE-2023-21505 MEDIUM
Samsung Core Service <2.1.00.36 - Privilege Escalation
CVSS 4.0
CVE-2023-30467 HIGH
Milesight 4K/H.265 Series NVR Firmware < 73.9.0.18-r2 - Improper Authorization
CVSS 7.5
CVE-2023-2345 MEDIUM
SourceCodester Service Provider Management System 1.0 - Auth Bypass
CVSS 6.3
CVE-2023-2227 CRITICAL
modoboa < 2.1.0 - Improper Authorization
CVSS 9.1
CVE-2023-28973 HIGH
Juniper Networks Junos OS Evolved - Privilege Escalation
CVSS 7.1
CVE-2023-26466 HIGH
Pega Synchronization Engine 3.1.1 through 3.1.30 - Server URL Modification
CVSS 7.8
CVE-2023-1167 MEDIUM
GitLab 12.3.0-15.8.4, 15.9.0-15.9.3, 15.10.0 - Unauthenticated Security Report Access in Merge Requests
CVSS 5.3
CVE-2023-28634 HIGH
GLPI <9.5.13, <10.0.7 - Privilege Escalation
CVSS 8.8
CVE-2023-0665 MEDIUM
HashiCorp Vault < 1.11.9 - Improper Authorization in PKI Issuer Endpoint
CVSS 6.5
CVE-2023-27594 MEDIUM
Cilium < 1.11.15, 1.12.0-1.12.7, 1.13.0 - Network Policy Bypass via IPv6 NodePort Traffic Misattribution
CVSS 4.2
CVE-2023-21461 MEDIUM
Samsung Android - Unauthenticated Denial of Service via AutoPowerOnOffConfirmDialog
CVSS 4.0
CVE-2023-21454 LOW
Samsung Keyboard - Unauthenticated User Text History Exposure on Lockscreen
CVSS 2.4
CVE-2023-21452 LOW
Samsung Android - Improper Authorization via Bluetooth Implicit Intent
CVSS 3.3
CVE-2023-0734 MEDIUM
wallabag < 2.5.4 - Improper Authorization
CVSS 5.3