Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,098 vulnerabilities with CWE-863

CVE-2022-39214 CRITICAL

Combodo iTop < 2.7.8 - Authenticated Account Takeover via Username Knowledge

CVE-2022-4315 MEDIUM

GitLab DAST Analyzer 2.0-3.0.54 - Incorrect Authorization via Custom Request Headers

CVE-2022-46704 MEDIUM

macOS <13.1, <11.7.2, <12.6.2 - Info Disclosure

CVE-2022-34397 MEDIUM

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp <= 10.0.0.5 - Incorrect Authorization

CVE-2022-45544 HIGH

SCHLIX CMS 2.2.7-2 - Authenticated Arbitrary File Upload via tristao Parameter

CVE-2022-47002 CRITICAL

Masa CMS <7.4 - Auth Bypass

CVE-2022-45172 CRITICAL

LIVEBOX Collaboration vDesk < 018 - Unauthenticated Broken Access Control via Email Validation Endpoint

CVE-2022-45435 MEDIUM

SailPoint IdentityIQ < 8.0 - Incorrect Authorization via Identity Forwarding Configuration

CVE-2022-23739 CRITICAL

GitHub Enterprise Server < 3.7.1 - Incorrect Authorization in GraphQL API

CVE-2022-45353 MEDIUM

Betheme <= 26.6.1 - Broken Access Control

CVE-2022-2155 MEDIUM

Lumada APM 6.0.0.0-6.4.0.0 - Incorrect Authorization in User Asset Group Role

CVE-2022-4167 MEDIUM

GitLab 13.11.0-15.5.6, 15.6.0-15.6.3, 15.7.0-15.7.1 - Incorrect Authorization in Group Access Token Revocation

CVE-2022-46258 MEDIUM

GitHub Enterprise Server <3.7 - Auth Bypass

CVE-2022-43438 HIGH

easy_test 17l18s-22i26 - Authenticated Incorrect Authorization

CVE-2022-23553 HIGH

Alpine < 1.10.4 - URL Access Filter Bypass

CVE-2022-45891 CRITICAL

Planet eStream < 6.72.10.07 - Unauthenticated Incorrect Authorization via Upload2.ashx and View.aspx

CVE-2022-38475 MEDIUM

Firefox < 104.0 - Incorrect Authorization via Zero-Length JavaScript Array

CVE-2022-22754 MEDIUM

Firefox < 97.0 and Firefox ESR < 91.6 - Incorrect Authorization via Extension Auto-Update

CVE-2022-3188 MEDIUM

Dataprobe iBoot-PDU Firmware < 1.42.06162022 - Unauthenticated Information Disclosure via History File Download

CVE-2022-23551 MEDIUM

Azure AD Pod Identity < 1.8.13 - Improper Restriction of Security Token Assignment via Backslash Bypass

CVE-2022-43872 MEDIUM

IBM Financial Transaction Manager <3.2.4 - Info Disclosure

CVE-2022-46076 HIGH

D-Link DIR-869 DIR869Ax_FW102B15 - Auth Bypass

CVE-2022-23488 MEDIUM

BigBlueButton < 2.4-rc-6 - Unauthorized Webcam Stream Access via Lock Setting Bypass

CVE-2022-23490 MEDIUM

BigBlueButton < 2.4.0 - Unauthorized Poll Response Exposure via Current-Poll Collection

CVE-2022-42351 MEDIUM

Adobe Experience Manager < 6.5.15.0 and Cloud Service < 2022.10.0 - Incorrect Authorization

Previous Page 81 of 124 Next

Details

Vulnerabilities 3,098

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy