The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1,331 vulnerabilities with CWE-285
CVE-2016-1000219
HIGH
Kibana <4.5.4, 4.1.11 - Info Disclosure
CVSS 7.5
CVE-2016-5063
MEDIUM
BMC Server Automation < 8.6 SP1 Patch 2 and < 8.7 Patch 3 - Improper Authorization via RSCD Agent
CVSS 5.3
CVE-2016-8776
MEDIUM
Huawei P9 and P9 Lite - Factory Reset Protection Bypass
CVSS 4.6
CVE-2016-9464
MEDIUM
Nextcloud Server < 9.0.54 and 10.0.0 - Improper Authorization in Sharing Backend
CVSS 4.3
CVE-2016-7651
MEDIUM
iPhone OS < 10.2 and watchOS < 3.1.1 - Improper Authorization in Accounts Component
CVSS 5.3
CVE-2016-8443
HIGH
Android Kernel <3.18 - Memory Corruption
CVSS 7.8
CVE-2016-9217
HIGH
Cisco Intercloud Fabric - Info Disclosure
CVSS 8.8
CVE-2016-9938
MEDIUM
Asterisk 11.x < 11.25.1, 13.x < 13.13.1, 14.x < 14.2.1 - Unauthenticated Call Processing via Malformed SIP Header
CVSS 5.3
CVE-2016-5788
CRITICAL
General Electric GE - Privilege Escalation
CVSS 10.0
CVE-2016-7097
MEDIUM
Linux Kernel < 4.8.2 - Improper Authorization via setxattr setgid Bit Preservation
CVSS 4.4
CVE-2016-7143
HIGH
Debian Linux < 3.5.2 - Improper Authorization
CVSS 8.1
CVE-2016-0922
CRITICAL
EMC ViPR SRM <3.7.2 - Info Disclosure
CVSS 9.8
CVE-2016-3352
HIGH
Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 - Information Disclosure via NTLM SSO Request Handling
CVSS 8.8
CVE-2016-6825
CRITICAL
Huawei RH1288 V3, RH2288 V3, RH2288H V3, XH620 V3, XH622 V3, XH628 V3 Firmware - Unauthenticated Password Brute-Force
CVSS 9.8
CVE-2016-5676
HIGH
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 & NUUO NVRmini2/NVRsolo 1.7.5-2.x - Unauthenticated Admin Password Reset
CVSS 7.5
CVE-2016-5799
CRITICAL
Moxa OnCell G3001 Firmware < 1.6 and G3100V2 Firmware < 2.7 - Improper Authorization
CVSS 9.8
CVE-2016-5420
HIGH
Debian Linux < 7.50.0 - Improper Authorization
CVSS 7.5
CVE-2016-4531
HIGH
Rockwell Automation FactoryTalk EnergyMetrix < 2.10.00 - Improper Authorization via Session Invalidation Bypass
CVSS 7.3
CVE-2016-1711
HIGH
Google Chrome < 51.0.2704.106 - Same Origin Policy Bypass via Frame Navigation
CVSS 8.8
CVE-2016-1710
HIGH
Chrome < 51.0.2704.106 - Same Origin Policy Bypass via Deferred Frame Window Creation
CVSS 8.8
CVE-2015-10033
LOW
merlinsboard < 2015-03-19 - Improper Authorization in Grade Handler
CVSS 3.5
CVE-2015-5463
CRITICAL
AxiomSL Axiom <9.5.3 - SQL Injection
CVSS 9.8
CVE-2015-3954
CRITICAL
Hospira <13.4 - Privilege Escalation
CVSS 9.8
CVE-2015-7463
MEDIUM
IBM Business Process Manager <8.5.6.0 - Privilege Escalation
CVSS 4.3
CVE-2015-3656
HIGH
Aruba Networks ClearPass Policy Manager <6.4.7, <6.5.2 - Privilege ...
CVSS 7.2
Details
Vulnerabilities: 1,331
Exploit Likelihood: High