Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,098 vulnerabilities with CWE-863

CVE-2022-26479 CRITICAL

Poly EagleEye Director II <2.2.2.1 - Privilege Escalation

CVE-2022-36126 HIGH

Inductive Automation Ignition <7.9.20, <8.1.17 - RCE

CVE-2022-35890 CRITICAL

Inductive Automation Ignition <7.9.20, <8.x-8.1.17 - Info Disclosure

CVE-2022-31153 MEDIUM

OpenZeppelin Contracts for Cairo <0.2.0 - Info Disclosure

CVE-2022-31107 HIGH

Grafana <9.0.3, 8.5.9, 8.4.10, 8.3.10 - Auth Bypass

CVE-2022-2408 MEDIUM

Mattermost <= 6.7.0 - Unauthorized Public Channel List Exposure via Guest Account

CVE-2022-30203 HIGH

Windows Boot Manager - Security Feature Bypass via Incorrect Authorization

CVE-2022-29619 MEDIUM

SAP BusinessObjects Business Intelligence Platform 4.20,4.30 - Incorrect Authorization

CVE-2022-31139 MEDIUM

UnsafeAccessor <1.7.0 - Privilege Escalation

CVE-2022-32294 CRITICAL

Zimbra Collaboration 8.8.15 - Unauthenticated Cleartext Password Exposure via Syslog

CVE-2022-32290 MEDIUM

Northern.tech Mender 3.2.0-3.2.2 - Incorrect Access Control via HTTP Proxy

CVE-2022-32310 CRITICAL

Ingredient Stock Management System 1.0 - Account Takeover via Users.php POST Request

CVE-2022-1981 LOW

GitLab EE <14.10.5, <15.0.4, <15.1.1 - Auth Bypass

CVE-2022-1983 MEDIUM

GitLab EE <14.10.5-15.0.4-15.1.1 - Privilege Escalation

CVE-2022-34814 MEDIUM

Jenkins Request Rename Or Delete Plugin < 1.1.0 - Unauthorized Access to Administrative Configuration Page

CVE-2022-34785 MEDIUM

Jenkins build-metrics < 1.3 - Incorrect Authorization in HTTP Endpoints

CVE-2022-34782 MEDIUM

Jenkins requests-plugin < 2.2.16 - Incorrect Authorization

CVE-2022-29271 MEDIUM

Nagios XI <5.8.5 - Privilege Escalation

CVE-2022-32532 CRITICAL

Apache Shiro < 1.9.1 - Authorization Bypass via RegexRequestMatcher Misconfiguration

CVE-2022-31087 HIGH

LDAP Account Manager <8.0 - Code Injection

CVE-2022-31039 MEDIUM

Greenlight <2.12.6 - Info Disclosure

CVE-2022-1746 HIGH

Dominion Voting Systems ImageCast X - Incorrect Privilege Assignment

CVE-2022-34180 HIGH

Jenkins Embeddable Build Status Plugin <2.0.3 - Info Disclosure

CVE-2022-22967 HIGH

SaltStack Salt < 3002.9 - Incorrect Authorization for Locked PAM Accounts

CVE-2022-26668 HIGH

ASUS Control Center API - Privilege Escalation

Previous Page 86 of 124 Next

Details

Vulnerabilities 3,098

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy