CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,330 vulnerabilities with CWE-285
CVE-2019-7479 HIGH
SonicOS <6.9.1.12-4o - Privilege Escalation
CVSS 7.2
CVE-2019-7489 CRITICAL
SonicWall Email Security <10.0.2 - RCE
CVSS 9.8
CVE-2019-18827 MEDIUM
Barco ClickShare Button R9861500D01 <1.9.0 - Info Disclosure
CVSS 5.9
CVE-2019-14870 MEDIUM
Samba 4.x.x < 4.9.17, 4.10.x < 4.10.11, 4.11.x < 4.11.3 - Improper Authentication via S4U Kerberos Delegation
CVSS 5.4
CVE-2019-15990 MEDIUM
Cisco Small Business RV Series Routers - Info Disclosure
CVSS 5.3
CVE-2019-3641 MEDIUM
McAfee Threat Intelligence Exchange Server 3.0.0 - Authenticated Reputation Data Modification via API
CVSS 4.5
CVE-2019-3764 MEDIUM
Dell iDRAC7 < 2.65.65.65, iDRAC8 < 2.70.70.70, iDRAC9 < 3.36.36.36 - Authenticated Information Disclosure
CVSS 4.3
CVE-2019-17631 CRITICAL
Eclipse OpenJ9 0.15.0-0.16.0 - Unauthenticated Improper Privilege Management
CVSS 9.1
CVE-2019-12671 HIGH
Cisco IOS XE - Authenticated Shell Access Bypass via Insufficient Consent Token Enforcement
CVSS 7.8
CVE-2019-13528 MEDIUM
Niagara AX and Niagara 4 - Unauthenticated Privileged File Read Access
CVSS 4.4
CVE-2019-13550 CRITICAL
Advantech WebAccess < 8.4.1 - Improper Authorization
CVSS 9.8
CVE-2019-12635 MEDIUM
Cisco Content Security Management Appliance < 12.5.0 - Authenticated Improper Authorization
CVSS 4.3
CVE-2019-1907 HIGH
Cisco IMC Supervisor < 4.0(4b) - Authenticated Privilege Escalation
CVSS 8.8
CVE-2019-1863 HIGH
Cisco IMC Software - Privilege Escalation
CVSS 8.1
CVE-2019-13416 MEDIUM
Search Guard < 24.3 - Improper Authorization via Cross Cluster Search
CVSS 6.5
CVE-2019-1934 HIGH
Cisco Adaptive Security Appliance Software < 8.2 - Authenticated Privilege Escalation via HTTPS Requests
CVSS 8.8
CVE-2019-1912 CRITICAL
Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Arbitrary File Upload
CVSS 9.1
CVE-2019-2386 HIGH
MongoDB Server <4.0.9, <3.6.13, <3.4.22 - Info Disclosure
CVSS 7.1
CVE-2019-10154 HIGH
Moodle <3.7-3.6.4 - Info Disclosure
CVSS 7.5
CVE-2019-1899 MEDIUM
Cisco RV110W/RV130W/RV215W - Info Disclosure
CVSS 5.3
CVE-2019-1898 MEDIUM
Cisco RV110W, RV130W, and RV215W - Info Disclosure
CVSS 5.3
CVE-2019-1897 MEDIUM
Cisco RV110W, RV130W, RV215W - DoS
CVSS 5.3
CVE-2019-10159 MEDIUM
cfme-gemset <5.10.4.3 & <5.9.9.3 - Info Disclosure
CVSS 4.3
CVE-2019-6582 HIGH
Siveillance VMS <13.1a - Authenticated Improper Authorization
CVSS 7.1
CVE-2019-6581 HIGH
Siveillance VMS <13.1a - Authenticated Improper Authorization
CVSS 8.8