Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,088 vulnerabilities with CWE-863

CVE-2023-46125 MEDIUM

Fides < 2.22.1 - Unauthorized Exposure of Sensitive Configuration via API Endpoint

CVE-2023-43961 HIGH

Dromara SaToken <1.3.50RC - Auth Bypass

CVE-2023-43508 MEDIUM

ClearPass Policy Manager - Privilege Escalation

CVE-2023-34051 CRITICAL

VMware Aria Operations for Logs - RCE

CVE-2023-22067 MEDIUM

Oracle Java SE <8u381-21.3.7 - Unauthorized Update

CVE-2023-43119 CRITICAL

Extreme Networks Switch Engine <32.5.1.5 - Privilege Escalation

CVE-2023-29484 MEDIUM

Terminalfour < 8.3.16 - Incorrect Authorization via LDAP Misconfiguration

CVE-2023-38218 HIGH

Adobe Commerce <=2.4.7-beta1, <=2.4.6-p2, <=2.4.5-p4, <=2.4.4-p5 - Authenticated Info Exposure & Privilege Escalation

CVE-2023-40829 HIGH

Tencent Enterprise Wechat Privatization <2.6.930000 - Info Disclosure

CVE-2023-41882 MEDIUM

vantage6 < 4.0.0 - Improper Access Control in Task Collection Endpoint

CVE-2023-35653 MEDIUM

Google Android - Incorrect Authorization

CVE-2023-28635 MEDIUM

vantage6 < 4.0.0 - Incorrect Authorization via Integer Resource Name

CVE-2023-5521 CRITICAL

kernelsu < 0.6.9 - Incorrect Authorization

CVE-2023-36556 HIGH

FortiMail 6.0.0-6.0.11, 7.0.0-7.0.5, 7.2.0-7.2.2 - Authenticated Incorrect Authorization via Crafted HTTP Requests

CVE-2023-44860 HIGH

NETIS SYSTEMS N3Mv2 1.0.1.865 - Denial of Service via Authorization Component

CVE-2023-1832 MEDIUM

Candlepin < 4.3.7-3 - Improper Access Control

CVE-2023-4997 HIGH

ProIntegra Uptime DC < 2.0.0.33940 - Authenticated Privilege Escalation via Password Change

CVE-2023-5106 HIGH

GitLab EE <16.2.8-16.4.1 - Privilege Escalation

CVE-2023-5195 MEDIUM

Mattermost 7.0.0-7.8.9 and 8.1.0 - Incorrect Authorization in Team Soft Delete

CVE-2023-5194 LOW

Mattermost 7.0.0-7.8.9 and 8.1.0 - Incorrect Authorization in User Demotion

CVE-2023-5193 MEDIUM

Mattermost 7.0.0-7.8.9 and 8.1.0 - Incorrect Authorization in Direct Message Post Retrieval

CVE-2023-5159 LOW

Mattermost 7.0.0-7.8.9 and 8.1.0 - Incorrect Authorization in Bot Management

CVE-2023-5198 MEDIUM

GitLab <16.2.7, <16.3.5, <16.4.1 - Info Disclosure

CVE-2023-4532 MEDIUM

GitLab <16.2.8-16.4.1 - Info Disclosure

CVE-2023-3979 LOW

GitLab 10.6-16.2.7, 16.3-16.3.4, 16.4 - Incorrect Authorization in Merge Request Source Branch

Previous Page 67 of 124 Next

Details

Vulnerabilities 3,088

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy