Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863

CVE-2019-19200 HIGH

REDDOXX MailDepot 2032-2.2.1242 - Privilege Escalation

CVE-2019-20801 MEDIUM

Readdle Documents < 6.9.7 - Unauthenticated Data Access via Cross-Origin WebSocket

CVE-2019-11361 HIGH

Zoho ManageEngine Remote Access Plus <10.0.258 - Privilege Escalation

CVE-2019-13001 MEDIUM

GitLab 11.9.0-12.0.2 - Unauthenticated Snippet Comment Authorization Bypass

CVE-2019-4745 MEDIUM

IBM Maximo Asset Mgmt <7.6.1.0 - Info Disclosure

CVE-2019-5474 MEDIUM

GitLab 11.8.0-11.11.5 - Improper Access Control via Merge Request Approval Rules

CVE-2019-17190 HIGH

Avast Secure Browser 76.0.1659.101 - Local Privilege Escalation via Update.ini Hard Link

CVE-2019-17014 HIGH

Firefox < 71.0 - Cross-Origin Information Leak via Dragged Image

CVE-2019-14843 HIGH

Red Hat Single Sign-On - Authentication Bypass

CVE-2019-6855 HIGH

EcoStruxure Control Expert <14.1 - Auth Bypass

CVE-2019-20213 HIGH

D-Link DIR-859 Firmware < 1.07b03_beta - Unauthenticated Information Disclosure via AUTHORIZED_GROUP Parameter

CVE-2019-12837 MEDIUM

accesuniversitat.gencat.cat 1.7.5 - Unauthenticated Personal Information Exposure via Java API

CVE-2019-4343 MEDIUM

IBM Cognos Analytics 11.0-11.1 - SSRF

CVE-2019-19681 HIGH

Pandora FMS 7.x - Authenticated Remote Code Execution via Alert System Command Injection

CVE-2019-19984 MEDIUM

Email Subscribers & Newsletters < 4.2.3 - Incorrect Authorization

CVE-2019-11294 MEDIUM

Cloud Foundry CAPI 1.88.0 - Unauthorized Exposure of Sensitive Service Broker Information

CVE-2019-8512 MEDIUM

iPhone OS < 12.2 - Unauthenticated Remote Device Wipe via Enterprise Administrator Authorization

CVE-2019-0384 HIGH

SAP Treasury and Risk Management - Incorrect Authorization

CVE-2019-0383 HIGH

SAP Treasury and Risk Management - Authenticated Privilege Escalation via Missing Authorization Check

CVE-2019-7192 CRITICAL KEV

QNAP Photo Station - Info Disclosure

CVE-2019-19597 HIGH

D-Link DAP-1860 <v1.04b03 Beta - RCE

CVE-2019-19520 HIGH

OpenBSD 6.6 - Privilege Escalation via LIBGL_DRIVERS_PATH Environment Variable

CVE-2019-5879 MEDIUM

Google Chrome < 77.0.3865.75 - Insufficient Policy Enforcement in Extensions

CVE-2019-5864 MEDIUM

Chrome < 76.0.3809.87 - Content Security Policy Bypass via Malicious Extension

CVE-2019-13716 MEDIUM

Google Chrome < 78.0.3904.70 - Incorrect Authorization via Service Worker Policy Bypass

Previous Page 112 of 125 Next

Details

Vulnerabilities 3,104

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy