CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,329 vulnerabilities with CWE-285 (listing shown below, one entry per line: CVE ID | severity | CVSS score | title)

CVE-2021-28506 | CRITICAL | CVSS 9.1 | Arista EOS 4.24.0-4.24.7m - Unauthenticated Factory Reset via gNOI API
CVE-2021-28501 | CRITICAL | CVSS 9.1 | Arista TerminAttr < 1.16.2 - Unauthenticated Unrestricted Device Access via AAA API Misuse
CVE-2021-28500 | CRITICAL | CVSS 9.1 | Arista EOS < 4.20 - Unauthenticated Unrestricted Device Access via OpenConfig and TerminAttr AAA API Misuse
CVE-2021-3837 | MEDIUM | CVSS 6.1 | openwhyd < 1.45.12 - Improper Authorization
CVE-2021-43847 | MEDIUM | CVSS 6.5 | HumHub <1.10.3-1.9.3 - Privilege Escalation
CVE-2021-25521 | MEDIUM | CVSS 4.0 | Samsung Internet <16.0.2 - Info Disclosure
CVE-2021-42126 | HIGH | CVSS 8.8 | Ivanti Avalanche < 6.3.3 - Privilege Escalation via Inforail Service
CVE-2021-36311 | MEDIUM | CVSS 6.0 | Dell EMC Networker <19.5 - Privilege Escalation
CVE-2021-42338 | CRITICAL | CVSS 9.8 | 4mosan gcb_doctor < 20210708 - Unauthenticated Authentication Bypass and Arbitrary File Upload via Cookie Injection
CVE-2021-42337 | MEDIUM | CVSS 4.3 | AIFU Cashier Accounting Management System - Improper Authorization via Salary Query URL Parameter
CVE-2021-25507 | MEDIUM | CVSS 5.7 | Samsung Flow <4.8.03.5 - Info Disclosure
CVE-2021-25973 | MEDIUM | CVSS 6.5 | Publify 9.0.0-9.2.4 - Improper Access Control via Guest Role Self-Registration
CVE-2021-39341 | HIGH | CVSS 8.2 | OptinMonster < 2.6.4 - Sensitive Information Disclosure via Insufficient Authorization
CVE-2021-41313 | MEDIUM | CVSS 4.3 | Atlassian Jira Server/Data Center <8.20.7 - Authenticated Improper Authorization
CVE-2021-41308 | MEDIUM | CVSS 6.5 | Atlassian Jira <8.6.0, 8.7.0-8.13.12, 8.14.0-8.20.1 - Broken Access Control
CVE-2021-31384 | HIGH | CVSS 7.2 | Juniper Junos OS SRX Series 20.4R1-20.4R3, 21.1-21.1R1 - Unauthenticated J-Web Access Bypass
CVE-2021-38486 | HIGH | CVSS 8.0 | InHand Networks IR615 Router 2.3.0.r4724-2.3.0.r4870 - RCE
CVE-2021-42336 | MEDIUM | CVSS 4.3 | Easytest Online Learning Test Platform - Unauthenticated Permission Bypass via URL Parameter Manipulation
CVE-2021-42332 | MEDIUM | CVSS 4.3 | ShinHer StudyOnline System - Unauthenticated Improper Authorization via List View URL Parameter
CVE-2021-42331 | MEDIUM | CVSS 5.4 | ShinHer StudyOnline System - Missing Authorization in Study Edit Function
CVE-2021-42330 | HIGH | CVSS 8.8 | ShinHer StudyOnline System - Unauthenticated Improper Authorization via Teacher Edit Function
CVE-2021-41137 | HIGH | CVSS 8.8 | Minio RELEASE.2021-10-10T16-53-30Z - Auth Bypass
CVE-2021-33723 | MEDIUM | CVSS 6.5 | SINEC NMS <V1.0 SP2 Update 1 - Privilege Escalation
CVE-2021-39317 | HIGH | CVSS 8.8 | AccessPress Themes Products - Authenticated Arbitrary File Upload via plugin_offline_installer AJAX Action
CVE-2021-41976 | MEDIUM | CVSS 5.3 | tad_uploader < 3.5.4 - Unauthenticated Authorization Bypass in Edit Book List Function