CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,329 vulnerabilities with CWE-285
CVE-2021-25355 MEDIUM
Samsung Notes <4.2.00.22 - Privilege Escalation
CVSS 5.5
CVE-2021-25354 LOW
Samsung Internet <13.2.1.46 - Info Disclosure
CVSS 3.3
CVE-2021-25353 MEDIUM
Galaxy Themes <5.2.00.1215 - Privilege Escalation
CVSS 5.5
CVE-2021-25352 MEDIUM
Bixby Voice <3.0.52.14 - Privilege Escalation
CVSS 5.5
CVE-2021-25351 LOW
Samsung Account <10.7.0.7, <12.1.1.3 - Info Disclosure
CVSS 3.2
CVE-2021-21362 HIGH
MinIO < 2021-03-04T00-53-13Z - Improper Authorization Bypass via Temporary Upload URL
CVSS 7.7
CVE-2021-22863 HIGH
GitHub Enterprise Server GraphQL API - Privilege Escalation
CVSS 8.1
CVE-2021-22862 MEDIUM
GitHub Enterprise Server - Info Disclosure
CVSS 6.5
CVE-2021-22861 MEDIUM
GitHub Enterprise Server - Privilege Escalation
CVSS 6.5
CVE-2021-21511 HIGH
Dell EMC Avamar Server 19.3-19.4 - Improper Authorization in Web UI
CVSS 8.1
CVE-2021-21026 MEDIUM
Magento <2.4.1, 2.4.0-p1, 2.3.6 - Auth Bypass
CVSS 5.3
CVE-2020-9081 LOW
Huawei Smartphone Firmware - Improper Authorization Bypass via App Lock
CVSS 3.5
CVE-2020-3539 MEDIUM
Cisco Prime Data Center Network Manager < 11.4(1) - Authenticated Improper Authorization via Malicious URL
CVSS 6.3
CVE-2020-36841 MEDIUM
WooCommerce Smart Coupons <4.6.0 - Auth Bypass
CVSS 5.3
CVE-2020-36714 HIGH
Brizy < 1.0.125 - Authenticated Authorization Bypass via is_administrator() Function
CVSS 7.4
CVE-2020-36729 MEDIUM
2J-SlideShow Plugin <1.3.31 - Auth Bypass
CVSS 5.4
CVE-2020-36696 HIGH
Product Input Fields for WooCommerce <= 1.2.6 - Unauthenticated Authorization Bypass via handle_downloads()
CVSS 7.5
CVE-2020-9061 MEDIUM
Aeotec Zw090-a - Improper Authorization
CVSS 6.5
CVE-2020-25716 HIGH
Cloudforms < 5.11.10.1 - Privilege Escalation via Administrator File Export/Import
CVSS 8.1
CVE-2020-1690 MEDIUM
openstack-selinux < 0.8.24 - Privilege Escalation via DBus Access
CVSS 6.5
CVE-2020-10716 MEDIUM
Red Hat Satellite - Info Disclosure
CVSS 6.5
CVE-2020-17517 HIGH
Apache Ozone <1.1.0 - Info Disclosure
CVSS 7.5
CVE-2020-27779 HIGH
GRUB2 < 2.06 - Authenticated Secure Boot Bypass via cutmem Command
CVSS 7.5
CVE-2020-24674 HIGH
S+ Operations/S+ Historian - DoS/Code Injection
CVSS 8.8
CVE-2020-8920 LOW
Gerrit < 2.14.22/2.15.21/2.16.25/3.0.15/3.1.10/3.2.5 - Unauthenticated Information Leak
CVSS 3.5