CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,329 vulnerabilities with CWE-285
CVE-2020-8919 LOW
Gerrit 2.15.0-2.15.20 - Unauthenticated Information Disclosure via Branch REST API
CVSS 3.5
CVE-2020-26246 HIGH
Pimcore <6.8.5 - Privilege Escalation
CVSS 7.7
CVE-2020-9049 HIGH
American Dynamics victor Web Client <5.6 & Software House CCURE Web Client <2.90 - DoS via JWT Bypass
CVSS 7.1
CVE-2020-2050 HIGH
PAN-OS 8.1.0-8.1.16 - Unauthenticated Authentication Bypass in GlobalProtect SSL VPN
CVSS 8.2
CVE-2020-24405 MEDIUM
Magento <2.4.0, 2.3.5p1 - Privilege Escalation
CVSS 4.3
CVE-2020-24404 LOW
Magento <2.4.0, 2.3.5p1 - Privilege Escalation
CVSS 2.7
CVE-2020-24403 LOW
Magento <2.4.0, 2.3.5p1 - Privilege Escalation
CVSS 2.7
CVE-2020-24431 MEDIUM
Acrobat Reader DC <2020.012.20048, 2020.001.30005, 2017.011.30175 -...
CVSS 4.4
CVE-2020-1908 MEDIUM
WhatsApp <2.20.100 - Privilege Escalation
CVSS 4.6
CVE-2020-26183 MEDIUM
Dell EMC NetWorker <19.3.0.2 - Privilege Escalation
CVSS 6.8
CVE-2020-9048 HIGH
American Dynamics victor Web Client < 5.4.1 and Software House CCURE Web Client < 2.80 - Arbitrary File Deletion and DoS
CVSS 7.1
CVE-2020-7530 HIGH
SCADAPack 7x Remote Connect < 3.6.3.574 - Improper Authorization
CVSS 8.8
CVE-2020-16096 CRITICAL
Gallagher Command Centre < 7.80.960, 7.90 < 7.90.991, 8.00 < 8.00.1161, 8.10 < 8.10.1134 - Unauthorized Data Access
CVSS 9.9
CVE-2020-6311 MEDIUM
SAP Bank Analyzer 500 and S/4HANA for Financial Products Subledger 100 - Improper Authorization
CVSS 6.5
CVE-2020-10517 MEDIUM
GitHub Enterprise Server <2.22 - Info Disclosure
CVSS 4.3
CVE-2020-3394 HIGH
Cisco Nexus 3000/9000 - Privilege Escalation
CVSS 7.8
CVE-2020-7583 HIGH
Siemens Automation License Manager 5.x and 6.x < 6.0.8 - Improper Authorization
CVSS 7.8
CVE-2020-3386 HIGH
Cisco Data Center Network Manager < 11.4(1) - Authenticated Improper Authorization via REST API
CVSS 8.8
CVE-2020-3374 CRITICAL
Cisco SD-WAN vManage Software - Auth Bypass
CVSS 9.9
CVE-2020-14486 MEDIUM
OpenClinic GA 5.09.02 and 5.89.05b - Improper Authorization via Redirect Bypass
CVSS 6.3
CVE-2020-3150 MEDIUM
Cisco Small Business RV110W/RV215W - Info Disclosure
CVSS 5.9
CVE-2020-5356 HIGH
Dell PowerProtect <19.4-3.2 - Auth Bypass
CVSS 7.7
CVE-2020-15087 HIGH
Presto < 337 - Authenticated Authorization Bypass via Internal API Access
CVSS 7.4
CVE-2020-15084 HIGH
express-jwt < 5.3.3 - Authorization Bypass via Unenforced Algorithms Configuration
CVSS 7.7
CVE-2020-10736 HIGH
Ceph 15.2.0-15.2.1 - Authenticated Authorization Bypass in ceph-mon and ceph-mgr
CVSS 8.0