CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2022-31667 MEDIUM
Harbor 1.0.0-1.10.12 and 2.0.0-2.4.2 - Authenticated Improper Authorization via Robot Account Update
CVSS 6.4
CVE-2022-31666 HIGH
Harbor 2.0.0-2.4.2 and 1.0.0-1.10.12 - Missing Authorization for Webhook Policy Management
CVSS 7.7
CVE-2022-4962 MEDIUM
Apollo 2.0.0/2.0.1 - Improper Authorization in Configuration Center
CVSS 4.3
CVE-2022-47553 HIGH
Ormazabal ekorRCI and ekorCCP Firmware - Unauthenticated Sensitive Information Exposure
CVSS 8.6
CVE-2022-40536 HIGH
Qualcomm 315 5G IoT Modem Firmware - Denial of Service via Plain TLB OTA Request
CVSS 7.5
CVE-2022-40521 HIGH
Qualcomm Modem Firmware - Denial of Service via Improper Authorization
CVSS 7.5
CVE-2022-45450 HIGH
Acronis Agent < 28610 and Cyber Protect 15 < 30984 - Sensitive Information Disclosure and Manipulation
CVSS 7.5
CVE-2022-45128 MEDIUM
Intel Endpoint Management Assistant < 1.9.0.0 - Authenticated Denial of Service via Local Access
CVSS 5.0
CVE-2022-43465 MEDIUM
Intel Setup and Configuration Software - Authenticated Denial of Service via Local Access
CVSS 5.0
CVE-2022-41610 MEDIUM
Intel(R) EMA Config Tool <1.0.4 & Intel(R) MC <2.4 - DoS
CVSS 5.0
CVE-2022-3748 CRITICAL
ForgeRock Access Management 6.5.0-7.2.0 - Authentication Bypass via Improper Authorization
CVSS 9.8
CVE-2022-3787 HIGH
device-mapper-multipath - Local Privilege Escalation via Keyword Repetition in Access Control
CVSS 7.8
CVE-2022-3685 HIGH
HitachiEnergy SDM600 < 1.3 - Privilege Escalation
CVSS 7.5
CVE-2022-3686 MEDIUM
HitachiEnergy SDM600 < 1.2.23000.291 - Denial of Service via Parallel Request Flood
CVSS 4.8
CVE-2022-3683 HIGH
HitachiEnergy SDM600 < 1.2.23000.291 - Unauthenticated Sensitive Data Exposure via API Authorization Bypass
CVSS 7.7
CVE-2022-40208 MEDIUM
Moodle 3.9.0-3.9.15 and 4.0.0-4.0.2 - Improper Authorization in Quiz Web Services
CVSS 4.3
CVE-2022-46752 MEDIUM
Dell Inspiron and Latitude Firmware - Unauthenticated Denial of Service via Physical Access
CVSS 4.6
CVE-2022-38375 CRITICAL
Fortinet FortiNAC <9.4.1 - Auth Bypass
CVSS 9.1
CVE-2022-34446 HIGH
Dell PowerPath Management Appliance 3.2-3.3 - Authenticated Authorization Bypass
CVSS 8.8
CVE-2022-3229 CRITICAL
Unified Remote < 3.11.0.2483 - Unauthenticated Remote Code Execution via Web Management Interface
CVSS 9.8
CVE-2022-24894 MEDIUM
Symfony 2.0.0-4.4.49 - Session Fixation via HTTP Cache Set-Cookie Header
CVSS 5.9
CVE-2022-4062 HIGH
EcoStruxure Power Commission <V2.25 - Improper Authorization
CVSS 7.8
CVE-2022-3740 MEDIUM
GitLab 12.9-15.3.4, 15.4-15.4.3, 15.5-15.5.1 - Improper Authorization Bypass via Deploy Tokens or Keys
CVSS 6.5
CVE-2022-34405 HIGH
Realtek High Definition Audio Driver < 6.0.9433.1 - Authenticated Privilege Escalation via Process Attachment
CVSS 7.3
CVE-2022-4701 MEDIUM
Royal Elementor Addons <1.3.59 - Privilege Escalation
CVSS 4.3