CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,330 vulnerabilities with CWE-285
CVE-2019-1842 MEDIUM
Cisco IOS XR Firmware - Authenticated SSH Authentication Bypass via Username Sequence Manipulation
CVSS 5.4
CVE-2019-1851 MEDIUM
Cisco Identity Services Engine - Authenticated Arbitrary Certificate Generation via ERS API
CVSS 6.8
CVE-2019-1859 HIGH
Cisco Small Business Switches - Auth Bypass
CVSS 7.2
CVE-2019-3842 HIGH
systemd < 242-rc4 - Improper Authorization via XDG_SEAT Environment Variable
CVSS 7.0
CVE-2019-3849 HIGH
moodle < 3.4.8 - Unauthenticated Privilege Escalation via LTI Request Tampering
CVSS 8.8
CVE-2019-3785 HIGH
Cloudfoundry Capi-release < 1.78.0 - Improper Authorization
CVSS 8.1
CVE-2019-1604 HIGH
Cisco NX-OS < 7.0(3)I7(4) - Authenticated Privilege Escalation via Incorrect Group ID Authorization
CVSS 7.8
CVE-2019-1603 HIGH
Cisco NX-OS < 7.0(3)I7(4) - Authenticated Privilege Escalation via CLI
CVSS 7.8
CVE-2019-3820 MEDIUM
gnome-shell 3.15.91-3.30.3 - Improper Authentication via Lock Screen Bypass
CVSS 4.3
CVE-2018-14670 CRITICAL
ClickHouse <1.1.54131 - Info Disclosure
CVSS 9.8
CVE-2018-20945 MEDIUM
cPanel 61.9999.55-62.0.38 - Improper Authorization in csvprocess
CVSS 5.7
CVE-2018-20927 LOW
cPanel 61.9999.55-62.0.42 - Jailshell Escape via Incorrect Crontab Parsing
CVSS 3.8
CVE-2018-17210 HIGH
PrinterOn Central Print Services < 4.1.4 - Unauthenticated Authorization Bypass via Session Cookie Manipulation
CVSS 8.8
CVE-2018-19581 HIGH
GitLab EE <11.3.11-11.5.1 - Info Disclosure
CVSS 7.5
CVE-2018-19578 MEDIUM
GitLab EE <11.5.1 - Info Disclosure
CVSS 6.5
CVE-2018-19569 HIGH
GitLab CE/EE <11.3.11, <11.4.8, <11.5.1 - Auth Bypass
CVSS 8.8
CVE-2018-16086 MEDIUM
Chrome < 69.0.3497.81 - Insufficient Policy Enforcement in Extensions API
CVSS 5.4
CVE-2018-16077 MEDIUM
Google Chrome < 69.0.3497.81 - Content Security Policy Bypass via Blink Object Lifecycle Issue
CVSS 6.5
CVE-2018-16074 MEDIUM
Google Chrome < 69.0.3497.81 - Site Isolation Bypass via Crafted HTML Page
CVSS 6.5
CVE-2018-16073 MEDIUM
Chrome < 69.0.3497.81 - Site Isolation Bypass via Crafted HTML Page
CVSS 6.5
CVE-2018-13908 HIGH
Qualcomm Snapdragon - Improper Authorization via Truncated Access Token
CVSS 7.8
CVE-2018-9867 MEDIUM
SonicOS < 5.9.1.10 - Improper Authorization in Certificate Download
CVSS 5.5
CVE-2018-14666 MEDIUM
Red Hat Satellite 6.0-6.3 - Improper Authorization in Smart Class Feature
CVSS 6.8
CVE-2018-14662 MEDIUM
Ceph <13.2.4 - Privilege Escalation
CVSS 5.7
CVE-2018-15465 HIGH
Cisco ASA <9.4.4.29, >=9.5 <9.6.4.20 - Authenticated Privilege Escalation via Web Interface
CVSS 8.1