CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863
CVE-2019-16538 HIGH
Jenkins Script Security Plugin < 1.67 - RCE
CVSS 8.8
CVE-2019-18949 HIGH
SnowHaze < 2.6.6 - Unintended JavaScript Execution via Redirection Chain
CVSS 7.5
CVE-2019-5231 MEDIUM
P30 < ELLE-AL00B 9.1.0.186(C00E180R2P1) - Auth Bypass
CVSS 4.6
CVE-2019-4509 MEDIUM
IBM QRadar < 7.3.2.4 - Info Disclosure
CVSS 4.3
CVE-2019-12419 CRITICAL
Oracle Retail Order Broker - Incorrect Authorization in OpenId Connect Access Token Service
CVSS 9.8
CVE-2019-5533 MEDIUM
VMware SD-WAN by VeloCloud 3.1.1-3.2.x - Incorrect Authorization
CVSS 4.3
CVE-2019-4311 MEDIUM
IBM Security Guardium Big Data Intelligence - Info Disclosure
CVSS 5.3
CVE-2019-6144 MEDIUM
Forcepoint One Endpoint 19.04-19.08 - Authenticated DLP and Web Protection Bypass
CVSS 6.5
CVE-2019-15900 CRITICAL
slicer69 doas < 6.2 - Privilege Escalation
CVSS 9.8
CVE-2019-14832 HIGH
Keycloak < 8.0.0 - Authenticated Incorrect Authorization via Realm Access Bypass
CVSS 7.5
CVE-2019-17191 HIGH
Signal Private Messenger < 4.47.7 - Unauthenticated Call Forcing via Connect Message
CVSS 7.5
CVE-2019-9364 LOW
Android 10 - Unauthenticated Local Information Disclosure via AudioService Permissions Bypass
CVSS 3.3
CVE-2019-9272 MEDIUM
Android 10 - Unauthenticated WiFi State Information Disclosure via Permissions Bypass
CVSS 5.5
CVE-2019-12671 HIGH
Cisco IOS XE - Authenticated Shell Access Bypass via Insufficient Consent Token Enforcement
CVSS 7.8
CVE-2019-15941 CRITICAL
LemonLDAP::NG 2.x-2.0.5 - Auth Bypass
CVSS 9.8
CVE-2019-12648 HIGH
Cisco IOS - Authenticated Unauthorized Access to Guest OS via Incorrect RBAC Evaluation
CVSS 8.8
CVE-2019-16884 HIGH
runc < 1.0.0-rc8 - Privilege Escalation
CVSS 7.5
CVE-2019-6838 MEDIUM
U.motion Server - Incorrect Authorization
CVSS 6.5
CVE-2019-6836 HIGH
U.motion Server Firmware < 1.3.7 - Incorrect Authorization
CVSS 7.5
CVE-2019-15729 HIGH
GitLab 8.18-12.2.1 - Information Disclosure via Merge Request Pipeline Endpoint
CVSS 7.5
CVE-2019-14237 CRITICAL
NXP Kinetis KV1x, KV3x, and K8x Firmware - Incorrect Authorization via Flash Access Controls Bypass
CVSS 9.8
CVE-2019-14236 CRITICAL
STMicroelectronics - Info Disclosure
CVSS 9.8
CVE-2019-1289 MEDIUM
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege via Delivery Optimization File Share Permissions
CVSS 5.5
CVE-2019-14995 MEDIUM
Jira Server 7.6.0-8.3.9 - Unauthenticated Information Disclosure via Attachment Existence Check
CVSS 5.3
CVE-2019-16114 CRITICAL
ATutor < 2.2.4 - Unauthenticated Remote Code Execution via Database Configuration Manipulation
CVSS 9.8
Details
Vulnerabilities 3,104
Exploit Likelihood High