CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,329 vulnerabilities with CWE-285
CVE-2021-28563 MEDIUM
Magento < 2.3.7, 2.4.0-2.4.2-p1 - Unauthenticated Improper Authorization via Create Customer Endpoint
CVSS 6.5
CVE-2021-3044 CRITICAL
Palo Alto Networks Cortex XSOAR <6.1.0-6.2.0 - Auth Bypass
CVSS 9.8
CVE-2021-23140 CRITICAL
Gallagher Command Centre < 8.10 - Improper Authorization
CVSS 9.9
CVE-2021-23136 MEDIUM
Gallagher Command Centre < 8.10 - Improper Authorization
CVSS 6.5
CVE-2021-25417 HIGH
SDP SDK <SMR JUN-2021 Release 1 - Info Disclosure
CVSS 7.5
CVE-2021-25399 HIGH
Smart Manager <11.0.05.0 - Privilege Escalation
CVSS 7.1
CVE-2021-32620 HIGH
XWiki 11.6-11.10.12 - Improper Authorization via Email Verification Activation Link
CVSS 8.8
CVE-2021-32619 CRITICAL
Deno 1.5.0-1.10.1 - Improper Authorization via Dynamic Import Bypass
CVSS 9.8
CVE-2021-24195 HIGH
User Switching < 1.8 - Authenticated Arbitrary Plugin Installation
CVSS 8.8
CVE-2021-24194 HIGH
Login Protection < 2.9 - Authenticated Arbitrary Plugin Installation via AJAX
CVSS 8.8
CVE-2021-24193 HIGH
Visitor Traffic Real Time Statistics < 2.12 - Authenticated Arbitrary Plugin Installation and Activation via AJAX Action
CVSS 8.8
CVE-2021-24192 HIGH
Tree Sitemap WordPress Plugin < 2.9 - Authenticated Arbitrary Plugin Installation and Activation via AJAX Action
CVSS 8.8
CVE-2021-24191 HIGH
WP Maintenance Mode < 1.8.2 - Unauthenticated Plugin Installation/Activation
CVSS 8.8
CVE-2021-24190 HIGH
WooCommerce Conditional Marketing Mailer < 1.5.2 - Authenticated Arbitrary Plugin Installation via AJAX Action
CVSS 8.8
CVE-2021-24189 HIGH
Captchinoo < 2.4 - Improper Authorization via AJAX Action
CVSS 8.8
CVE-2021-24188 HIGH
WP Content Copy Protection & No Right Click < 3.1.5 - Authenticated Arbitrary Plugin Installation via AJAX Action
CVSS 8.8
CVE-2021-28799 CRITICAL KEV
QNAP HBS 3 - Broken Access Control
CVSS 10.0
CVE-2021-25382 MEDIUM
Secure Folder <SMR Oct-2020 Release 1 - Info Disclosure
CVSS 6.1
CVE-2021-0260 HIGH
Juniper Networks Junos OS <17.3R3-S9 - Info Disclosure
CVSS 7.3
CVE-2021-21096 MEDIUM
Adobe Bridge < 10.1.1 and 11.0.1 - Denial of Service via Genuine Software Service
CVSS 5.5
CVE-2021-25381 MEDIUM
Samsung Account 10.8.0.4 and 12.1.1.3 - Unauthorized Action via PendingIntent Hijacking
CVSS 5.5
CVE-2021-25374 HIGH
Samsung Members <3.9.00.9 - Auth Bypass
CVSS 8.6
CVE-2021-25373 MEDIUM
Android Customization Service <2.9.01.1 - Local Privilege Escalation
CVSS 5.5
CVE-2021-21432 HIGH
Vela 0.7.0-0.7.4 - Unauthenticated Secret Exposure via .netrc File
CVSS 7.5
CVE-2021-22865 MEDIUM
GitHub Enterprise Server - Info Disclosure
CVSS 6.5