The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
3,104 vulnerabilities with CWE-863
CVE-2018-15465
HIGH
Cisco ASA <9.4.4.29, >=9.5 <9.6.4.20 Authenticated Privilege Escalation via Web Interface
CVSS 8.1
CVE-2018-17195
HIGH
Apache NiFi 1.0.0-1.7.1 - Cross-Site Request Forgery via Template Upload API
CVSS 7.5
CVE-2018-20147
MEDIUM
WordPress <4.9.9 & <5.0.1 - Auth Bypass
CVSS 6.5
CVE-2018-15774
LOW
Dell EMC iDRAC7/iDRAC8 < 2.61.60.60 and iDRAC9 < 3.20.21.20 - Authenticated Privilege Escalation via Redfish Interface
CVSS 3.8
CVE-2018-15754
MEDIUM
Cloud Foundry UAA 60.0-65.x - Authenticated Incorrect Authorization via Identity Provider Username Collision
CVSS 4.2
CVE-2018-17950
HIGH
Micro Focus eDirectory < 9.1 SP2 - Incorrect Authorization
CVSS 7.5
CVE-2018-18397
MEDIUM
Linux Kernel < 4.19.7 - Incorrect Authorization via userfaultfd UFFDIO_ ioctl
CVSS 5.5
CVE-2018-2494
HIGH
SAP Business Application Software Integrated Solution 7.00-7.02 - Authenticated Privilege Escalation
CVSS 8.0
CVE-2018-7079
HIGH
Aruba ClearPass Policy Manager < 6.6.10 - Authenticated Incorrect Authorization
CVSS 7.2
CVE-2018-15767
HIGH
Dell OpenManage Network Manager < 6.5.3 - Incorrect Authorization via Sudoers Misconfiguration
CVSS 8.8
CVE-2018-14748
HIGH
QTS <4.3.5-4.2.6 - Privilege Escalation
CVSS 7.5
CVE-2018-7988
MEDIUM
Factory Reset Protection Bypass - Privilege Escalation
CVSS 4.6
CVE-2018-13356
HIGH
TerraMaster TOS 3.1.03 - Incorrect Authorization via ajaxdata.php
CVSS 8.8
CVE-2018-13324
CRITICAL
Buffalo TS5600D1206 Firmware 3.61-0.10 - Unauthenticated Authentication Bypass via HTTP Host Header
CVSS 9.8
CVE-2018-18955
HIGH
Linux Nested User Namespace idmap Limit Local Privilege Escalation
CVSS 7.0
CVE-2018-15693
MEDIUM
inova_partner < 5.0.5 - Authenticated Authorization Bypass via Insecure Direct Object Reference
CVSS 6.4
CVE-2018-15692
MEDIUM
Inova Partner < 5.0.5 - Authenticated Authorization Bypass and Data Manipulation
CVSS 6.4
CVE-2018-7363
MEDIUM
ZTE ZXHN F670 Firmware < 1.1.10p3t18 - Unauthenticated Credential Brute Force via appviahttp Service
CVSS 4.3
CVE-2018-16620
HIGH
Sonatype Nexus Repository Manager <3.14 - Privilege Escalation
CVSS 7.5
CVE-2018-6980
HIGH
VMware vRealize Log Insight 4.6-4.6.1 and 4.7 < 4.7.1 - Incorrect Authorization in User Registration Method
CVSS 7.2
CVE-2018-7926
MEDIUM
Huawei Watch 2 <OWDD.180707.001.E1 - Auth Bypass
CVSS 4.6
CVE-2018-7925
MEDIUM
Huawei Emily-AL00A <8.1.0.171 - Auth Bypass
CVSS 6.8
CVE-2018-9488
HIGH
Android 8.0-9.0 - Incorrect Authorization in SELinux crash_dump.te Permissions
CVSS 7.8
CVE-2018-14665
MEDIUM
xorg-x11-server <1.20.3 - Privilege Escalation
CVSS 6.6
CVE-2018-12369
CRITICAL
Firefox < 61 and Firefox ESR < 60.1 - Incorrect Authorization for WebExtensions with Embedded Experiments
CVSS 9.8
Details
Vulnerabilities: 3,104
Exploit Likelihood: High