Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863

CVE-2018-8044 HIGH

K7Computing Antivirus < 16.0.0001 - Incorrect Access Control in K7Sentry.sys

CVE-2018-21039 HIGH

Samsung Android N(7.0) - Unauthenticated Lockscreen Bypass via Quick Tools Compass Feature

CVE-2018-21082 HIGH

Samsung Android N(7.x) - Unauthenticated App Pinning and Lock-Screen Bypass via Dex Station

CVE-2018-11802 MEDIUM

Apache Solr < 6.6.6 and 7.0.0-7.7.0 - Incorrect Authorization via Collection Proxy Request

CVE-2018-20498 MEDIUM

GitLab 8.10.0-11.4.12, 11.5.0-11.5.5, 11.6.0 - Incorrect Authorization

CVE-2018-20494 HIGH

GitLab 8.4.0-11.4.12 11.5.0-11.5.5 11.6.0 - Incorrect Authorization

CVE-2018-20493 MEDIUM

GitLab 8.17.0-11.4.12 11.5.0-11.5.5 11.6.0 - Incorrect Authorization

CVE-2018-20492 MEDIUM

GitLab 8.0.0-11.4.12, 11.5.0-11.5.5, 11.6.0 - Incorrect Authorization

CVE-2018-18819 MEDIUM

Mitel Micollab < 7.3.0.601 - Incorrect Authorization

CVE-2018-21030 MEDIUM

Jupyter Notebook < 5.5.0 - Cross-Site Scripting via SVG File

CVE-2018-20826 MEDIUM

Jira < 7.12.3 - Authenticated Incorrect Authorization in Inline-Create REST Resource

CVE-2018-13382 CRITICAL KEV

FortiProxy < 1.2.9 and FortiOS 5.4.1-5.4.10 - Unauthenticated Password Modification via SSL VPN Web Portal

CVE-2018-15640 HIGH

Odoo 10.0-12.0 - Authenticated Privilege Escalation in Helpdesk App

CVE-2018-19515 CRITICAL

Webgalamb < 7.0 - Unauthenticated Incorrect Authorization via bgsend/atment_sddd1xGz/xls_bgimport Parameters

CVE-2018-18815 CRITICAL

TIBCO JasperReports Server < 6.4.3 and 7.1.0 - Unauthenticated Authorization Bypass via REST API

CVE-2018-8790 HIGH

Check Point ZoneAlarm <15.3.064.17729 - RCE

CVE-2018-12391 HIGH

Firefox for Android < 63.0 - Incorrect Authorization via HTTP Live Stream Playback

CVE-2018-10910 MEDIUM

bluez < 5.51 - Unauthenticated Bluetooth Pairing via Discoverable State

CVE-2018-14666 MEDIUM

Red Hat Satellite 6.0-6.3 - Improper Authorization in Smart Class Feature

CVE-2018-5741 MEDIUM

BIND < 9.11.5 - Incorrect Authorization in Dynamic DNS Update Policy

CVE-2018-20685 MEDIUM

OpenSSH < 7.9 - Incorrect Authorization via SCP Filename Manipulation

CVE-2018-1000420 MEDIUM

Jenkins Mesos Plugin <0.17.1 - Auth Bypass

CVE-2018-1000418 HIGH

Jenkins HipChat Plugin <2.2.0 - Auth Bypass

CVE-2018-1000412 HIGH

Jenkins Jira Plugin <3.0.1 - Auth Bypass

CVE-2018-7366 MEDIUM

ZTE ZXV10 B860AV2.1 ChinaMobile Firmware - Authentication Bypass

Previous Page 116 of 125 Next

Details

Vulnerabilities 3,104

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy