CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,330 vulnerabilities with CWE-285
CVE-2018-14637 MEDIUM
Keycloak <4.6.0.Final - Info Disclosure
CVSS 6.1
CVE-2018-17933 HIGH
VGo Robot Firmware 3.0.3.52164 3.0.3.53662 - Improper Authorization
CVSS 8.8
CVE-2018-15405 MEDIUM
Cisco UCS Director - Authenticated Information Disclosure via Improper Authorization Check
CVSS 6.5
CVE-2018-0460 MEDIUM
Cisco Enterprise NFV Infrastructure Software - Authenticated Arbitrary File Read via REST API
CVSS 6.5
CVE-2018-0459 MEDIUM
Cisco Enterprise NFV Infrastructure Software - Authenticated Denial of Service via Web Management Interface
CVSS 6.5
CVE-2018-3829 MEDIUM
Elastic Cloud Enterprise < 1.1.4 - Authentication Bypass via Invalid Roles Token
CVSS 5.3
CVE-2018-3778 MEDIUM
aedes < 0.35.0 - Improper Authorization
CVSS 5.3
CVE-2018-0391 MEDIUM
Cisco Prime Collaboration Provisioning < 12.2 - Authenticated Denial of Service via Password Change Function
CVSS 6.5
CVE-2018-12467 MEDIUM
openSUSE Open Build Service < 2.9.4 - Authenticated Package Deletion via Malicious Request
CVSS 6.0
CVE-2018-12466 MEDIUM
openSUSE openbuildservice <9.2.4 - Privilege Escalation
CVSS 4.4
CVE-2018-10906 MEDIUM
fuse < 2.9.8 and 3.x < 3.2.5 - Privilege Escalation via fusermount SELinux Bypass
CVSS 5.3
CVE-2018-0393 MEDIUM
Cisco Mobility Services Engine Firmware - Authenticated Policy Modification via Policy Builder Interface
CVSS 6.5
CVE-2018-1116 MEDIUM
polkit <0.116 - Privilege Escalation
CVSS 4.4
CVE-2018-10861 HIGH
Ceph - Authenticated Storage Pool Manipulation and Snapshot Corruption
CVSS 8.1
CVE-2018-1113 MEDIUM
setup <2.11.4-1.fc28 - Privilege Escalation
CVSS 4.8
CVE-2018-1082 HIGH
Moodle 3.3.0-3.3.4 and 3.4.0-3.4.1 - Improper Authentication
CVSS 8.1
CVE-2017-20238 HIGH
Hirschmann Industrial HiVision Improper Authorization Privilege Escalation
CVSS 7.1
CVE-2017-9325 HIGH
Solrconfig.xml <sample> - Info Disclosure
CVSS 7.5
CVE-2017-8409 HIGH
D-Link DCS-1130 Firmware - Unauthenticated Live Video Feed Access
CVSS 7.5
CVE-2017-8252 MEDIUM
Qualcomm Snapdragon Firmware - Information Disclosure via TrustZone Fault Injection
CVSS 5.5
CVE-2017-8777 HIGH
OX Cloud < 1.4.0 - Improper Authorization
CVSS 7.2
CVE-2017-2632 MEDIUM
CloudForms Management Engine < 5.7.1.3 - Privilege Escalation via Role Validation Logic Error
CVSS 4.9
CVE-2017-2589 HIGH
hawtio < 1.5.0 - Improper Authorization via Shared HttpClient Cookie Store
CVSS 8.7
CVE-2017-16773 MEDIUM
Synology Universal Search <1.0.5-0135 - Auth Bypass
CVSS 6.5
CVE-2017-16726 CRITICAL
Beckhoff TwinCAT - Inadequate Encryption Strength in ADS Protocol
CVSS 9.1