Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863

CVE-2020-24264 CRITICAL

Portainer < 1.24.1 - Incorrect Authorization Leading to Remote Code Execution via Bind Mount Bypass

CVE-2020-25240 HIGH

SINEMA Remote Connect Server < 3.0 - Unauthenticated Incorrect Authorization via URL Guessing

CVE-2020-25239 HIGH

SINEMA Remote Connect Server < 3.0 - Unauthorized UMC Authorization Server Modification via Special URLs

CVE-2020-35682 HIGH

ManageEngine ServiceDesk Plus < 11134 - Authentication Bypass via SAML Login

CVE-2020-29020 CRITICAL

Secomea SiteManager < 9.4.620527004 - Improper Access Control in Web Service

CVE-2020-12668 MEDIUM

Jinjava < 2.5.4 - Arbitrary Class Access and Arbitrary File Disclosure via Java Method Calls

CVE-2020-8806 HIGH

Electric Coin Company Zcashd <2.1.1-1 - DoS

CVE-2020-27873 MEDIUM

NETGEAR AC2100 R7450 < 1.2.0.76 - Unauthenticated Sensitive Information Disclosure via SOAP API

CVE-2020-29605 MEDIUM

MantisBT < 2.24.4 - Authenticated Private Issue Summary Exposure via bug_actiongroup_page.php

CVE-2020-1725 MEDIUM

Keycloak < 13.0.0 - Incorrect Authorization

CVE-2020-9492 HIGH

Apache Hadoop 2.0.0-2.10.0 and 3.0.0-alpha1-3.2.1 - Incorrect Authorization via WebHDFS SPNEGO Header

CVE-2020-4873 MEDIUM

IBM Planning Analytics 2.0 - Sensitive Information Exposure via Overly Permissive CORS Policy

CVE-2020-35948 CRITICAL

XCloner Backup and Restore 4.2.1-4.2.12 - Arbitrary File Write & RCE via xcloner_restore.php

CVE-2020-26029 MEDIUM

Zammad < 3.4.1 - Incorrect Authorization via X-On-Behalf-Of Header

CVE-2020-26028 MEDIUM

Zammad < 3.4.1 - Incorrect Authorization for Admin Users

CVE-2020-24674 HIGH

S+ Operations/S+ Historian - DoS/Code Injection

CVE-2020-4794 MEDIUM

IBM Automation Workstream Services 19.0.3, 20.0.1-20.0.2 - Authenticated Information Disclosure and Denial of Service

CVE-2020-0481 LOW

Android 11 - Unauthenticated Permissions Bypass via Broadcast Intent

CVE-2020-0479 HIGH

Android 11 - Unauthenticated Permissions Bypass in DocumentsProvider

CVE-2020-0473 MEDIUM

Android - Local Privilege Escalation via Bluetooth File Transfer

CVE-2020-8919 LOW

Gerrit 2.15.0-2.15.20 - Unauthenticated Information Disclosure via Branch REST API

CVE-2020-29454 MEDIUM

Umbraco CMS < 8.9.1 - Incorrect Authorization in LogViewer Endpoint

CVE-2020-26250 MEDIUM

OAuthenticator <0.12.2 - Info Disclosure

CVE-2020-29374 LOW

Linux kernel <5.7.3 - Memory Corruption

CVE-2020-15248 MEDIUM

October CMS <1.0.470 - Privilege Escalation

Previous Page 105 of 125 Next

Details

Vulnerabilities 3,104

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy