CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,329 vulnerabilities with CWE-285
CVE-2021-41975 HIGH
TadTools < 3.2.2 - Unauthenticated Arbitrary File Deletion via Special Page Parameter
CVSS 7.5
CVE-2021-41974 CRITICAL
Tad Book3 < 3.9 - Unauthenticated Arbitrary Book Content Modification
CVSS 9.1
CVE-2021-41568 MEDIUM
Tad Web < 1.76 - Unauthenticated Authorization Bypass
CVSS 5.3
CVE-2021-41564 MEDIUM
Tad Honor < 1.47 - Unauthenticated Authorization Bypass and Arbitrary Article Deletion via Book List Function
CVSS 5.3
CVE-2021-25499 HIGH
Samsung Galaxy Store <4.5.32.4 - Content Provider Access via Intent Redirection
CVSS 7.1
CVE-2021-41100 HIGH
wire-server < 2021-08-16 - Account Takeover via Short-Lived Session Token
CVSS 7.4
CVE-2021-41093 HIGH
Wire < 3.86 - Account Takeover via Stale Access Token
CVSS 7.4
CVE-2021-25460 MEDIUM
BlockchainTZService <SMR Sep-2021 Release 1 - DoS
CVSS 4.0
CVE-2021-25459 MEDIUM
BlockchainTZService <SMR Sep-2021 Release 1 - Privilege Escalation
CVSS 4.0
CVE-2021-3049 LOW
Palo Alto Networks Cortex XSOAR <6.1.0 - Privilege Escalation
CVSS 2.6
CVE-2021-28567 MEDIUM
Magento < 2.4.2 - Authenticated Improper Authorization in Customers Module
CVSS 6.5
CVE-2021-36037 MEDIUM
Magento Commerce <2.4.2-2.3.7 - Info Disclosure
CVSS 6.5
CVE-2021-36029 CRITICAL
Adobe Commerce/Magento Open Source <=2.4.2-p1 - Admin Authorization Bypass Code Execution
CVSS 9.1
CVE-2021-34434 MEDIUM
Eclipse Mosquitto 2.0-2.0.11 - Improper Authorization in Dynamic Security Plugin
CVSS 5.3
CVE-2021-27663 HIGH
Johnson Controls CEM Systems AC2000 <10.6 - Info Disclosure
CVSS 8.2
CVE-2021-28626 LOW
Adobe Experience Manager < 6.5.8.0 - Unauthenticated Application Denial-of-Service via Node Creation
CVSS 3.7
CVE-2021-3616 CRITICAL
Lenovo Smart Camera X3/X5/C2E < 01.03.29.16 - Unauthenticated Info Disclosure & Firmware Modification
CVSS 9.4
CVE-2021-37705 CRITICAL
OneFuzz 2.12.0-2.31.0 - Authenticated Origin Validation Error via Multi-Tenant Domain Configuration
CVSS 10.0
CVE-2021-36276 HIGH
Dell DBUtilDrv2.sys <2.7 - Privilege Escalation
CVSS 8.8
CVE-2021-35964 HIGH
Orca HCM < 10.0 - Unauthenticated Improper Authentication
CVSS 7.3
CVE-2021-32688 HIGH
Nextcloud Server <19.0.13, <20.0.11, <21.0.3 - Privilege Escalation
CVSS 8.8
CVE-2021-1576 HIGH
Cisco Business Process Automation < 3.1 - Authenticated Privilege Escalation via Improper Authorization
CVSS 8.8
CVE-2021-1574 HIGH
Cisco Business Process Automation < 3.1 - Authenticated Privilege Escalation via Improper Authorization Enforcement
CVSS 8.8
CVE-2021-25433 MEDIUM
Tizen <JUL-2021 - Privilege Escalation
CVSS 5.5
CVE-2021-32523 CRITICAL
QSAN Storage Manager < 3.3.1 - Improper Authorization and Remote Command Execution
CVSS 9.1
Details
Vulnerabilities 1,329
Exploit Likelihood High