CWE-863

Exploit likelihood: High

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863
CVE-2023-25043 MEDIUM
Supsystic Data Tables Generator <1.10.25 - Info Disclosure
CVSS 4.3
CVE-2023-52538 CRITICAL
Huawei EMUI and HarmonyOS - Incorrect Authorization in HwIms Module
CVSS 9.1
CVE-2023-6400 HIGH
OpenText ZENworks <23.4 - Info Disclosure
CVSS 7.4
CVE-2023-49982 HIGH
School Fees Management System 1.0 - Incorrect Authorization in User Management Component
CVSS 8.8
CVE-2023-50811 MEDIUM
SELESTA Visual Access Manager 4.38.6 - Unauthenticated Access Control Bypass via Parameter Manipulation
CVSS 6.5
CVE-2023-50886 MEDIUM
wpWax Legal Pages <= 1.3.7 - Cross-Site Request Forgery and Incorrect Authorization
CVSS 4.3
CVE-2023-50726 MEDIUM
Argo CD 1.2.0-2.8.11, 2.9.0-2.9.7 - Improper Privilege Management via Local Sync Feature
CVSS 6.4
CVE-2023-45793 MEDIUM
Siveillance Control 2.8-3.1.1 - Incorrect Authorization
CVSS 5.5
CVE-2023-47716 MEDIUM
IBM CP4BA - Filenet Content Manager 5.5.8.0, 5.5.10.0, 5.5.11.0 - Incorrect Authorization
CVSS 6.3
CVE-2023-3509 LOW
GitLab <16.7.6, <16.8.3, <16.9.1 - Info Disclosure
CVSS 3.7
CVE-2023-46241 CRITICAL
discourse/microsoft_authentication < 2024-02-20 - Incorrect Authorization via Microsoft Account Type Misconfiguration
CVSS 9.0
CVE-2023-42860 MEDIUM
macOS 12.0-12.7.0 - Unprotected User Data Exposure via Path Handling Issue
CVSS 5.5
CVE-2023-52374 HIGH
Huawei EMUI and HarmonyOS - Incorrect Authorization in Package Management Module
CVSS 7.5
CVE-2023-52361 HIGH
HarmonyOS - Incorrect Authorization in VerifiedBoot Module
CVSS 7.5
CVE-2023-6152 MEDIUM
Grafana - Incorrect Authorization via Email Verification Bypass
CVSS 5.4
CVE-2023-6036 CRITICAL
Web3 WordPress <3.0.0 - Auth Bypass
CVSS 9.8
CVE-2023-51761 HIGH
Emerson Rosemount GC370XA-GC700XA-GC1500XA - Auth Bypass
CVSS 8.3
CVE-2023-43609 MEDIUM
Emerson Rosemount GC370XA-GC1500XA - Info Disclosure/DoS
CVSS 6.9
CVE-2023-6564 MEDIUM
GitLab EE Premium/Ultimate <16.4.3-16.6.1 - Privilege Escalation
CVSS 6.5
CVE-2023-6963 MEDIUM
Getwid - Gutenberg Blocks <= 2.0.4 - Unauthenticated CAPTCHA Bypass via Omitted g-recaptcha-response
CVSS 5.3
CVE-2023-32967 MEDIUM
QNAP QTS 4.5.4.2627 and QuTScloud < c5.1.5.2651 - Authenticated Improper Authorization
CVSS 5.0
CVE-2023-47142 HIGH
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0-7.3.0.10 - Privilege Escalation via Unauthorized API Access
CVSS 7.5
CVE-2023-35836 MEDIUM
SolaX Pocket WiFi 3 Firmware 3.0.0-3.001.02 - Unauthenticated Cleartext Network Configuration Exposure
CVSS 6.5
CVE-2023-49783 MEDIUM
Silverstripe Admin 1.x < 1.13.19 and 2.x < 2.1.8 - Incorrect Authorization via CSV Import Form
CVSS 4.3
CVE-2023-44401 MEDIUM
Silverstripe GraphQL 4.0.0-4.3.6 and 5.0.0-5.1.2 - Incorrect Authorization via Paginated GraphQL Queries
CVSS 5.3