CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,330 vulnerabilities with CWE-285
CVE-2017-0927 (MEDIUM, CVSS 6.5): GitLab 8.16.0-9.5.9 - Unauthenticated Improper Authorization in Deployment Keys
CVE-2017-0926 (HIGH, CVSS 8.8): GitLab 8.8.0-9.5.9 - Unauthenticated Unauthorized User Login via OAuth Sign-In
CVE-2017-9268 (MEDIUM, CVSS 4.4): openSUSE open_build_service < 2.8.2 - Authenticated Denial of Service via Incorrect Permission Check
CVE-2017-11398 (HIGH, CVSS 8.8): Trend Micro Smart Protection Server <3.2 - SSRF
CVE-2017-16743 (CRITICAL, CVSS 9.8): PHOENIX CONTACT FL SWITCH - Auth Bypass
CVE-2017-12160 (HIGH, CVSS 7.2): Keycloak 0-3.3.0.Final and 3.4.0 - Authenticated Improper Authorization via OAuth Token Pair
CVE-2017-1002151 (HIGH, CVSS 7.5): Pagure < 3.3.0 - Improper Authorization
CVE-2017-6044 (CRITICAL, CVSS 9.8): Sierra Wireless AirLink Raven XE and XT - Unauthenticated Improper Authorization
CVE-2017-0896 (MEDIUM, CVSS 6.5): Zulip Server <1.5.1 - Privilege Escalation
CVE-2017-7484 (HIGH, CVSS 7.5): PostgreSQL <9.2.21-9.6.3 - Info Disclosure
CVE-2017-0895 (LOW, CVSS 3.5): Nextcloud Server <10.0.4,11.0.2 - Info Disclosure
CVE-2017-0894 (MEDIUM, CVSS 4.3): Nextcloud Server <11.0.3 - Info Disclosure
CVE-2017-0892 (LOW, CVSS 3.5): Nextcloud Server <11.0.3 - Info Disclosure
CVE-2017-2689 (HIGH, CVSS 8.8): Siemens RUGGEDCOM ROX I - Authenticated Improper Authorization via Web Interface
CVE-2017-2686 (MEDIUM, CVSS 6.5): Siemens RUGGEDCOM ROX I - Authenticated Arbitrary File Read via Web Interface
CVE-2016-10848 (HIGH, CVSS 7.2): cPanel 11.48.0.5-11.48.5.2 - Arbitrary File Overwrite in quotacheck Script
CVE-2016-10859 (HIGH, CVSS 8.1): cPanel 11.48.0.5-11.48.4.8 - Unauthenticated Password Change via Webmail API
CVE-2016-10734 (CRITICAL, CVSS 9.8): ProjectSend r582 - Insecure Direct Object Reference via actions.log.export.php
CVE-2016-7035 (HIGH, CVSS 8.8): Pacemaker < 1.1.16 - Unauthenticated Privilege Escalation via IPC Interface
CVE-2016-7078 (MEDIUM, CVSS 4.3): Foreman < 1.15.0 - Improper Authorization in Organizations and Locations Feature
CVE-2016-7077 (MEDIUM, CVSS 4.3): Foreman < 1.14.0 - Unauthenticated Information Disclosure via Form Helper
CVE-2016-7071 (HIGH, CVSS 8.8): Red Hat CloudForms < 5.6.2.2 and 5.7.0.7 - Authenticated Improper Authorization via VM ID
CVE-2016-0373 (LOW, CVSS 3.1): IBM UrbanCode Deploy <6.2.2.1 - Info Disclosure
CVE-2016-9575 (MEDIUM, CVSS 6.3): FreeIPA 4.2.x, 4.3.x < 4.3.3, 4.4.x < 4.4.3 - Authenticated Certificate Profile Modification via certprofile-mod Command
CVE-2016-1000219 (HIGH, CVSS 7.5): Kibana <4.5.4, 4.1.11 - Info Disclosure