CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,329 vulnerabilities with CWE-285
CVE-2020-5362 HIGH
Dell Client Platforms - Unauthenticated BIOS Setup Configuration Reset via Manageability Interface
CVSS 7.1
CVE-2020-3267 HIGH
Cisco Unified CCX - Privilege Escalation
CVSS 7.1
CVE-2020-10516 CRITICAL
GitHub Enterprise Server <2.21 - Privilege Escalation
CVSS 9.8
CVE-2020-10620 CRITICAL
Opto 22 SoftPAC Project <= 9.6 - Unauthenticated Missing Authorization
CVSS 9.8
CVE-2020-1998 MEDIUM
PAN-OS 7.1.0-7.1.25 - Authentication Bypass via SAML Username Sharing
CVSS 5.4
CVE-2020-10686 MEDIUM
Keycloak <9.0.1 - Privilege Escalation
CVSS 4.1
CVE-2020-5333 MEDIUM
RSA Archer < 6.7.0.3 - Authenticated Authorization Bypass in REST API
CVSS 4.3
CVE-2020-1745 HIGH
Undertow <2.0.30.Final - Info Disclosure
CVSS 8.6
CVE-2020-5289 MEDIUM
Elide < 4.5.14 - Unauthorized Data Access via Filter Expression Side Channel
CVSS 6.8
CVE-2020-5275 HIGH
Symfony security-http < 4.4.7 - Improper Authorization via Access Control Rule Bypass
CVSS 7.6
CVE-2020-1720 LOW
PostgreSQL <12.2-9.6.17 - Privilege Escalation
CVSS 3.1
CVE-2020-5240 HIGH
wagtail-2fa < 1.4.1 - Improper Authorization via 2FA Device Management Path
CVSS 7.6
CVE-2020-5250 HIGH
PrestaShop <1.7.6.4 - Info Disclosure
CVSS 7.6
CVE-2020-5251 HIGH
parse-server < 4.1.0 - Improper Authorization via NoSQL Query Regex
CVSS 7.7
CVE-2020-5318 HIGH
Dell EMC Isilon OneFS 8.0.0.7, 8.1.0.3, 8.1.0.4, 8.1.2 - Unauthenticated File Access via HTTP and WebDAV
CVSS 7.5
CVE-2020-8119 MEDIUM
Nextcloud server <17.0.0 - Info Disclosure
CVSS 4.3
CVE-2020-5232 HIGH
ENS Domains < 0.1.0 and ensdomains/ens < 0.4.0 - Improper Authorization via Ownership Transfer Trapdoor
CVSS 8.7
CVE-2020-5231 MEDIUM
Opencast < 7.6 - Improper Authorization via ROLE_COURSE_ADMIN User Creation
CVSS 4.8
CVE-2020-5206 HIGH
Opencast < 7.6 - Improper Authentication via Remember-Me Cookie
CVSS 8.7
CVE-2019-25149 HIGH
Gallery Images Ape <2.0.6 - Privilege Escalation
CVSS 7.6
CVE-2019-14828 MEDIUM
Moodle 3.5.0-3.5.7 - Improper Authorization in Course Creation
CVSS 4.3
CVE-2019-13554 HIGH
GE Mark VIe Controller - Auth Bypass
CVSS 8.8
CVE-2019-14883 MEDIUM
Moodle 3.6-3.6.6 and 3.7-3.7.2 - Missing Authorization for Inline Email Attachment Access
CVSS 5.3
CVE-2019-15610 MEDIUM
Circles < 0.16.11 - Improper Authorization
CVSS 4.3
CVE-2019-7479 HIGH
SonicOS <6.9.1.12-4o - Privilege Escalation
CVSS 7.2