CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2022-0027 (MEDIUM, CVSS 4.3): Cortex XSOAR 6.1-6.2, 6.5, < 6.6.0.2585049 - Authenticated Unauthorized Incident Data Access via Email Report Generation
CVE-2022-0993 (HIGH, CVSS 8.1): SiteGround Security < 1.2.5 - Unauthenticated Authentication Bypass via 2FA Backup Code
CVE-2022-28776 (MEDIUM, CVSS 5.9): Galaxy Store <4.5.36.4 - Info Disclosure
CVE-2022-1224 (MEDIUM, CVSS 6.5): phpipam < 1.4.6 - Improper Authorization
CVE-2022-0406 (MEDIUM, CVSS 4.3): GitHub janeczku/calibre-web <0.6.16 - Auth Bypass
CVE-2022-0860 (CRITICAL, CVSS 9.1): cobbler < 3.3.2 - Improper Authorization
CVE-2022-0821 (MEDIUM, CVSS 6.5): OrchardCore < 1.3.0 - Improper Authorization
CVE-2022-0829 (HIGH, CVSS 8.1): webmin < 1.990 - Improper Authorization
CVE-2022-21196 (CRITICAL, CVSS 10.0): Airspan Mimosa Management Platform <1.0.3 & C6x/C5x/C5c <2.8.6.1 & A5x <2.5.4.1 - Auth Bypass
CVE-2022-0587 (MEDIUM, CVSS 6.5): Packagist librenms/librenms <22.2.0 - Info Disclosure
CVE-2022-24002 (MEDIUM, CVSS 4.0): Link Sharing <12.4.00.3 - Auth Bypass
CVE-2022-22288 (HIGH, CVSS 7.5): Galaxy Store <4.5.36.5 - Auth Bypass
CVE-2022-22272 (MEDIUM, CVSS 4.0): TelephonyManager <SMR Jan-2022 Release 1 - Info Disclosure
CVE-2022-22269 (MEDIUM, CVSS 4.0): Keeping sensitive data - Info Disclosure
CVE-2022-22268 (MEDIUM, CVSS 6.1): Samsung Knox Guard <SMR Jan-2022 Release 1 - Privilege Escalation
CVE-2022-22267 (MEDIUM, CVSS 4.0): ActivityMetricsLogger <SMR Jan-2022 Release 1 - Info Disclosure
CVE-2021-3991 (MEDIUM, CVSS 4.3): Dolibarr < 15.0.0 and dolibarr_erp/crm < 20.0.2 - Improper Authorization via Direct URL Access
CVE-2021-4334 (HIGH, CVSS 8.8): Fancy Product Designer <4.6.9 - Privilege Escalation
CVE-2021-4335 (MEDIUM, CVSS 6.3): Fancy Product Designer <4.6.9 - Privilege Escalation
CVE-2021-4344 (MEDIUM, CVSS 6.4): Frontend File Manager <18.2 - Privilege Escalation
CVE-2021-27772 (HIGH, CVSS 7.1): Hcltech HCL Sametime - Information Disclosure via Group Conversations
CVE-2021-43939 (HIGH, CVSS 8.8): Elcomplus SmartPTT - Privilege Escalation
CVE-2021-42000 (MEDIUM, CVSS 5.3): PingFederate < 9.3.0 - Improper Authorization in Password Reset Flow
CVE-2021-44204 (HIGH, CVSS 7.8): Acronis True Image 2021 < 39287 - Local Privilege Escalation via Named Pipe
CVE-2021-28506 (CRITICAL, CVSS 9.1): Arista EOS 4.24.0-4.24.7m - Unauthenticated Factory Reset via gNOI API