Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,076 vulnerabilities with CWE-863

CVE-2024-21275 HIGH

Oracle E-Business Suite 12.2.7-12.2.13 - Authenticated Incorrect Authorization in User Interface

CVE-2024-21271 HIGH

Oracle E-Business Suite 12.2.3-12.2.13 - Incorrect Authorization in Field Service Engineer Portal

CVE-2024-21270 HIGH

Oracle E-Business Suite 12.2.6-12.2.13 - Authenticated Incorrect Authorization in Tasks Component

CVE-2024-21269 HIGH

Oracle E-Business Suite 12.2.3-12.2.13 - Authenticated Incorrect Authorization in Compensation Plan

CVE-2024-21268 HIGH

Oracle E-Business Suite 12.2.11-12.2.13 - Incorrect Authorization in Oracle Applications Manager Diagnostics

CVE-2024-21267 HIGH

Oracle E-Business Suite 12.2.12-12.2.13 - Authenticated Incorrect Authorization in Cost Planning

CVE-2024-21266 HIGH

Oracle E-Business Suite 12.2.3-12.2.13 - Authenticated Incorrect Authorization in Price List

CVE-2024-21265 HIGH

Oracle E-Business Suite 12.2.3-12.2.13 - Authenticated Incorrect Authorization in Site Hierarchy Flows

CVE-2024-21262 MEDIUM

MySQL Connectors <= 9.0.0 - Unauthenticated Incorrect Authorization

CVE-2024-21260 HIGH

Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Denial of Service via T3, IIOP

CVE-2024-21259 HIGH

Oracle VM VirtualBox < 7.0.22 - Authenticated Remote Code Execution

CVE-2024-21249 MEDIUM

Oracle PeopleSoft Enterprise FIN Expenses 9.2 - Unauthorized Data Access via Expenses Component

CVE-2024-47876 HIGH

Sakai 23.0-23.1 - Improper Authorization via Roleview User Type

CVE-2024-48911 HIGH

OpenCanary < 0.9.4 - Privilege Escalation via Config File Manipulation

CVE-2024-48792 HIGH

Hideez com.hideez <2.7.8.3 - Info Disclosure

CVE-2024-48772 CRITICAL

C-CHIP com.cchip.cchipamaota 1.2.8 - Sensitive Information Exposure via Firmware Update Process

CVE-2024-48787 CRITICAL

Revic Optics Revic Ops <1.12.5 - Info Disclosure

CVE-2024-48786 CRITICAL

SWITCHBOT INC SwitchBot <5.0.4 - Info Disclosure

CVE-2024-48784 CRITICAL

SAMPMAX homemax <2.1.2.7 - Info Disclosure

CVE-2024-48778 CRITICAL

Giant Manufacturing Co., Ltd RideLink <2.0.7 - Info Disclosure

CVE-2024-48769 CRITICAL

BURG-WCHTER KG de.burgwachter.keyapp.app <4.5.0 - Info Disclosure

CVE-2024-8970 HIGH

GitLab 11.6-17.2.8, 17.3-17.3.4, 17.4-17.4.1 - Incorrect Authorization

CVE-2024-9623 MEDIUM

GitLab 8.16-17.2.8, 17.3-17.3.4, 17.4-17.4.1 - Incorrect Authorization for Deploy Key Push to Archived Repository

CVE-2024-45132 MEDIUM

Adobe Commerce <2.4.7-p2 - Privilege Escalation

CVE-2024-45131 MEDIUM

Adobe Commerce <2.4.7-p2 - Auth Bypass

Previous Page 52 of 124 Next

Details

Vulnerabilities 3,076

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy