CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2022-4879 MEDIUM
Forged Alliance Forever <3746 - Auth Bypass
CVSS 4.6
CVE-2022-4868 MEDIUM
GitHub froxlor/froxlor <2.0.0-beta1 - Info Disclosure
CVSS 4.3
CVE-2022-45874 MEDIUM
Huawei Aslan Children's Watch Firmware >=11.1.0.118(c00m06) <11.1.0.10118(c00m06) - Improper Authorization
CVSS 5.5
CVE-2022-4804 MEDIUM
usememos/memos <0.9.1 - Info Disclosure
CVSS 5.3
CVE-2022-4688 HIGH
usememos/memos <0.9.0 - Info Disclosure
CVSS 8.8
CVE-2022-29913 MEDIUM
Thunderbird < 91.9 - Improper Authorization via Speech Synthesis Feature
CVSS 6.5
CVE-2022-3187 MEDIUM
Dataprobe iBoot-PDU Firmware < 1.42.06162022 - Unauthenticated Information Disclosure via PHP Page Access
CVSS 5.3
CVE-2022-46312 HIGH
Application Management Module - Privilege Escalation
CVSS 7.5
CVE-2022-23542 HIGH
OpenFGA 0.3.0 - Authorization Bypass
CVSS 7.7
CVE-2022-2536 MEDIUM
Transposh WordPress Translation <1.0.8.1 - Info Disclosure
CVSS 5.3
CVE-2022-47409 CRITICAL
fp_newsletter <1.1.1, 1.2.0, 2.x<2.1.2, 2.2.1-2.4.0, 3.x<3.2.6 - Unauthenticated Mass Unsubscription
CVSS 9.1
CVE-2022-39905 MEDIUM
Android Telecom - Implicit Intent Hijacking
CVSS 4.0
CVE-2022-39902 MEDIUM
Samsung Exynos Firmware - Unauthenticated Sensitive Information Disclosure via Emergency Call
CVSS 6.5
CVE-2022-39890 MEDIUM
Samsung Billing < 5.0.56.0 - Improper Authorization
CVSS 6.2
CVE-2022-39883 MEDIUM
Android StorageManagerService - Improper Authorization
CVSS 4.0
CVE-2022-39879 MEDIUM
Android - Improper Authorization in CallBGProvider
CVSS 5.9
CVE-2022-39356 HIGH
Discourse < 2.8.10 - Unauthenticated Account Takeover via Unscoped Invitation Link
CVSS 8.9
CVE-2022-27583 CRITICAL
SICK FLX3-CPUC1 and FLX3-CPUC2 Firmware < 1.10.0 - Unauthenticated Denial of Service via Configuration Interface
CVSS 9.1
CVE-2022-39329 LOW
Nextcloud Server and Nextcloud Enterprise Server < 23.0.9 - Unauthenticated Information Exposure
CVSS 3.5
CVE-2022-36454 MEDIUM
Mitel MiCollab <9.5.0.101 - Privilege Escalation
CVSS 6.5
CVE-2022-36453 HIGH
Mitel MiCollab <9.5.0.101 - Privilege Escalation
CVSS 8.8
CVE-2022-39342 MEDIUM
OpenFGA < 0.2.4 - Authorization Bypass via Tupleset Relation
CVSS 5.9
CVE-2022-39341 MEDIUM
OpenFGA < 0.2.4 - Authorization Bypass via Wildcard TupleSet Relations
CVSS 5.9
CVE-2022-39340 MEDIUM
OpenFGA < 0.2.4 - Unauthenticated Information Disclosure via streamed-list-objects Endpoint
CVSS 5.3
CVE-2022-39322 CRITICAL
Keystone 2.2.0-2.3.1 - Improper Authorization in Multiselect Field Access Control
CVSS 9.1