Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863

CVE-2021-27099 MEDIUM

SPIRE < 0.8.5, 0.9.4, 0.10.2, 0.11.3, 0.12.1 - Incorrect Authorization via AWS IID Node Attestor Path Normalization

CVE-2021-26964 HIGH

Aruba AirWave < 8.2.12.0 - Authenticated Privilege Escalation via Web Management Interface

CVE-2021-21725 MEDIUM

ZTE ZXHN H196Q V9.1.0C2 - Authenticated Directory Traversal and Information Disclosure

CVE-2021-26027 MEDIUM

Joomla! 3.0.0-3.9.24 - Incorrect Authorization in Article Category Change

CVE-2021-27225 MEDIUM

Dataiku DSS <8.0.6 - Info Disclosure

CVE-2021-26563 HIGH

Synology DiskStation Manager < 6.2.4-25553 - Incorrect Authorization

CVE-2021-20229 MEDIUM

PostgreSQL < 13.2 - Unauthorized Column Access via SELECT Privilege Escalation

CVE-2021-22113 MEDIUM

Spring Cloud Netflix Zuul < 2.2.6 - Incorrect Authorization via Specially Constructed URLs

CVE-2021-27509 HIGH

Visualware MyConnection Server <11.0b-5382 - Info Disclosure

CVE-2021-21318 MEDIUM

Opencast < 9.2 - Incorrect Authorization via Series Access Control Overwrite

CVE-2021-26753 CRITICAL

NeDi 1.9C - Authenticated PHP Code Injection via System Files Endpoint

CVE-2021-20188 HIGH

podman < 1.7.0 - Incorrect Authorization via Privileged Container File Permissions

CVE-2021-27177 CRITICAL

FiberHome HG6245D Firmware < rp2613 - Unauthenticated Telnet Authentication Bypass via Decoded String

CVE-2021-25777 MEDIUM

JetBrains TeamCity < 2020.2.1 - Incorrect Authorization during Token Removal

CVE-2021-25774 MEDIUM

JetBrains TeamCity < 2020.2.1 - Incorrect Authorization

CVE-2021-21286 HIGH

AVideo Platform <10.2 - Auth Bypass

CVE-2021-21276 CRITICAL

polr < 2.3.0 - Unauthenticated Admin Account Creation via Setup Finish Endpoint

CVE-2021-3337 HIGH

Hide-Thread-Content Plugin through 2021-01-27 for MyBB - Unauthenticated Information Disclosure via Reply or Quote

CVE-2021-26026 HIGH

ACDSee Professional 2021 14.0 1721 - User Mode Write Access Violation via Crafted BMP Image

CVE-2021-26025 HIGH

ACDSee Professional 2021 14.0 1721 - User Mode Write Access Violation via Crafted BMP Image

CVE-2021-1305 HIGH

Cisco SD-WAN vManage Software - Authenticated Authorization Bypass and Information Disclosure

CVE-2021-1270 MEDIUM

Cisco Data Center Network Manager < 11.5(1) - Authenticated Incorrect Authorization

CVE-2021-1269 MEDIUM

Cisco Data Center Network Manager < 11.5(1) - Authenticated Incorrect Authorization

CVE-2021-21013 HIGH

Magento <2.4.1-2.3.6 - Info Disclosure

CVE-2021-1144 HIGH

Cisco Connected Mobile Experiences - Authenticated Password Modification via Incorrect Authorization

Previous Page 102 of 125 Next

Details

Vulnerabilities 3,104

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy