CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2023-20088 MEDIUM
Cisco Finesse - Unauthenticated Denial of Service via Reverse Proxy IP Filtering Bypass
CVSS 5.3
CVE-2023-1164 HIGH
KylinOS < 1.3.11-23 and < 1.30.10-5.p23 - Improper Authorization in File Import
CVSS 8.4
CVE-2023-22636 HIGH
FortiWeb 6.3.6-6.3.21, 6.4.0-6.4.2, 7.0.0-7.0.4 - Unauthenticated Configuration File Download via HTTP Request
CVSS 7.0
CVE-2023-0914 MEDIUM
pixelfed < 0.11.4 - Improper Authorization
CVSS 5.3
CVE-2023-0822 HIGH
DIAEnergie < 1.9.03.001 - Auth Bypass
CVSS 8.8
CVE-2023-22938 MEDIUM
Splunk Enterprise < 8.1.13, < 8.2.10, < 9.0.4 - Authenticated Email Spoofing via sendemail REST Endpoint
CVSS 4.3
CVE-2023-22931 MEDIUM
Splunk Enterprise < 8.1.13 and 8.2.10 - Improper Authorization in RSS Feed Creation
CVSS 4.3
CVE-2023-21440 MEDIUM
Samsung Android - Unauthorized Screen Capture via WindowManagerService
CVSS 6.2
CVE-2023-21436 LOW
Samsung Android Contacts - Improper Authorization via Implicit Intent
CVSS 3.3
CVE-2023-21433 HIGH
Samsung Galaxy Store < 4.5.49.8 - Improper Access Control
CVSS 7.8
CVE-2023-21432 MEDIUM
Samsung SmartThings < 1.7.93 - Unauthenticated User Invitation via Improper Access Control
CVSS 4.2
CVE-2023-21429 MEDIUM
Samsung Android - Improper Authorization via Implicit Intent in ePDG
CVSS 4.0
CVE-2023-21424 MEDIUM
Samsung Android - Improper Authorization in SemChameleonHelper
CVSS 5.1
CVE-2023-21423 MEDIUM
Samsung Android ChnFileShareKit - Improper Authorization via BLE Advertising Control
CVSS 5.1
CVE-2023-21422 MEDIUM
Samsung Android - Improper Authorization in WifiService semAddPublicDnsAddr
CVSS 5.7
CVE-2023-23696 HIGH
Dell Command Intel vPro Out of Band < 4.4.0 - Authenticated Arbitrary File Write
CVSS 7.0
CVE-2023-0610 MEDIUM
wallabag < 2.5.3 - Improper Authorization
CVSS 4.3
CVE-2023-0609 MEDIUM
wallabag < 2.5.3 - Improper Authorization
CVSS 4.3
CVE-2023-22480 HIGH
KubeOperator < 3.16.4 - Improper Authorization
CVSS 7.3
CVE-2023-21549 HIGH
Windows SMB Witness Service - Privilege Escalation
CVSS 8.8
CVE-2022-34363 MEDIUM
Dell Unisphere For PowerMax - Improper Authorization
CVSS 6.5
CVE-2022-31671 HIGH
Harbor 2.0.0-2.4.2 and 1.0.0-1.10.12 - Authenticated Improper Authorization via P2P Preheat Execution Logs
CVSS 7.4
CVE-2022-31670 HIGH
Harbor 1.0.0-1.10.12 - Authenticated Tag Retention Policy Modification via Permission Bypass
CVSS 7.7
CVE-2022-31669 MEDIUM
Harbor 2.0.0-2.4.2 and 1.0.0-1.10.12 - Authenticated Improper Authorization in Tag Immutability Policy Update
CVSS 6.4
CVE-2022-31668 HIGH
Harbor 2.0.0-2.4.2 - Authenticated Improper Authorization in P2P Preheat Policy Update
CVSS 7.4