CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2022-42961 MEDIUM
wolfssl < 5.5.0 - ECDSA Key Disclosure via Rowhammer Fault Injection
CVSS 5.3
CVE-2022-34434 MEDIUM
Dell Cloud Mobility for Dell EMC Storage < 1.3.1 - Improper Access Control in Postgres Database
CVSS 6.7
CVE-2022-39873 MEDIUM
Samsung Internet < 18.0.4.14 - Unauthenticated Bookmark Addition in Secret Mode
CVSS 4.3
CVE-2022-39862 MEDIUM
Samsung Dynamic Lockscreen < 3.3.03.66 - Unauthorized JavaScript Interface API Access
CVSS 5.3
CVE-2022-32170 MEDIUM
bytebase < 1.0.4 - Unauthenticated Project Information Disclosure via API Endpoint
CVSS 4.3
CVE-2022-32169 MEDIUM
bytebase < 1.0.4 - Unauthenticated Admin Issue Access via /issue Endpoint
CVSS 4.3
CVE-2022-29490 HIGH
Hitachi Energy MicroSCADA X SYS600 10.0-10.3.1 - Authenticated Arbitrary Script Execution via Workplace X WebUI
CVSS 8.5
CVE-2022-36110 HIGH
Netmaker <0.15.1 - Privilege Escalation
CVSS 8.8
CVE-2022-36876 LOW
Samsung Pass < 4.0.04.10 - Unauthenticated Account List Access via UPI Payment
CVSS 1.8
CVE-2022-36872 MEDIUM
Samsung Pay < 5.0.63 (KR) / < 5.1.47 (Global) - Unauthenticated Pending Intent Hijacking via Implicit Intent
CVSS 5.0
CVE-2022-36871 MEDIUM
Samsung Pay < 5.1.47 (Global) / < 5.0.63 (KR) - Unauthenticated Pending Intent Hijacking via Implicit Intent
CVSS 5.0
CVE-2022-36870 MEDIUM
Samsung Pay < 5.1.47 (Global) / < 5.0.63 (KR) - Unauthenticated Pending Intent Hijacking via Implicit Intent
CVSS 5.0
CVE-2022-36857 LOW
Google Android < 3.0.23.43 - Improper Authorization
CVSS 1.9
CVE-2022-36852 LOW
Android Video Editor - Improper Authorization
CVSS 1.9
CVE-2022-36848 MEDIUM
Android - Improper Authorization in setDualDARPolicyCmd
CVSS 5.1
CVE-2022-36090 HIGH
XWiki Platform Old Core <14.3-rc-1 - Privilege Escalation
CVSS 8.1
CVE-2022-31167 HIGH
XWiki Platform <12.10.11, 13.4.6 - Info Disclosure
CVSS 7.1
CVE-2022-31247 CRITICAL
SUSE Rancher <2.6.7-2.5.16 - Privilege Escalation
CVSS 9.1
CVE-2022-2901 HIGH
chatwoot < 2.8.0 - Improper Authorization
CVSS 7.1
CVE-2022-20921 HIGH
Cisco ACI Multi-Site Orchestrator < 3.1(1n) - Authenticated Privilege Escalation via API
CVSS 8.8
CVE-2022-32838 MEDIUM
iPadOS < 15.6 - Unauthorized Arbitrary File Read
CVSS 5.5
CVE-2022-34256 HIGH
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Privilege Escalation
CVSS 7.5
CVE-2022-2661 CRITICAL
Sequi PortBloque S - Privilege Escalation
CVSS 9.9
CVE-2022-31609 HIGH
NVIDIA Virtual GPU Manager 11.0-11.8 - Improper Authorization
CVSS 7.8
CVE-2022-2675 MEDIUM
Unitree Go 1 Firmware < 0.1.35 - Unauthenticated Denial of Service via RF Signal
CVSS 6.5