Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,098 vulnerabilities with CWE-863

CVE-2022-31589 MEDIUM

SAP ERP Financial Accounting - Incorrect Authorization in Israeli File SHAAM Program

CVE-2022-27668 CRITICAL

SAP NetWeaver and ABAP Platform - Unauthenticated Remote Command Execution via SAProuter Administration Commands

CVE-2022-33174 CRITICAL

Powertek firmware <3.30.30 - Auth Bypass

CVE-2022-30311 CRITICAL

Festo CECC-X-M1 Firmware < 3.8.14 - Unauthenticated OS Command Injection via cecc-x-refresh-request Endpoint

CVE-2022-30310 CRITICAL

Festo Controller CECC-X-M1 Firmware < 3.8.14 - Unauthenticated OS Command Injection via cecc-x-acknerr-request Endpoint

CVE-2022-30309 CRITICAL

Festo Controller CECC-X-M1 Firmware < 3.8.14 - Unauthenticated OS Command Injection via HTTP Endpoint

CVE-2022-30308 CRITICAL

Festo Controller CECC-X-M1 Firmware < 3.8.14 - Unauthenticated OS Command Injection via HTTP Endpoint

CVE-2022-1944 MEDIUM

GitLab CE/EE <14.9.5-15.0.1 - Privilege Escalation

CVE-2022-1936 MEDIUM

GitLab 12.0.0-14.9.4, 14.10.0-14.10.3, 15.0.0 - Incorrect Authorization via Project Deploy Token

CVE-2022-1935 MEDIUM

GitLab EE 12.0-14.9.4, 14.10-14.10.3, 15.0 - Incorrect Authorization via Project Trigger Token Bypass

CVE-2022-1589 HIGH

All in One Login < 1.1.0 - Unauthenticated Cross-Site Request Forgery

CVE-2022-26767 MEDIUM

macOS <12.4-11.6.6 - Privilege Escalation

CVE-2022-30016 HIGH

Rescue Dispatch Management System 1.0 - Incorrect Access Control via System Info Page

CVE-2022-22978 CRITICAL

Spring Security < 5.5.7 - Authorization Bypass via RegexRequestMatcher Misconfiguration

CVE-2022-1706 MEDIUM

Ignition < 2.14.0 - Unauthenticated Information Disclosure via VMware VM Container Access

CVE-2022-1753 MEDIUM

wowonder - Improper Access Control via group_id Parameter in requests.php

CVE-2022-1553 MEDIUM

Publify < 9.2.8 - Unauthenticated Password-Protected Article Content Disclosure

CVE-2022-0574 MEDIUM

GitHub publify/publify <9.2.8 - Info Disclosure

CVE-2022-29854 MEDIUM

Mitel 6900 Series IP (MiNet) < 1.8.0.12 - Unauthenticated Root Access via Test Functionality

CVE-2022-29218 HIGH

RubyGems.org - Authentication Bypass by Spoofing via Gem Upload Platform Handling

CVE-2022-27134 HIGH

EOSIO batdappboomx v327c04cf - Incorrect Authorization in Transfer Function

CVE-2022-23139 HIGH

ZTE ZXMP M721 Firmware - Incorrect Authorization via SFTP Folder Permission Mismatch

CVE-2022-24584 MEDIUM

Yubico OTP - Incorrect Authorization via Reprogrammed Token Configuration

CVE-2022-28774 MEDIUM

SAP Host Agent - Unprotected Sensitive Information Exposure in Logfile

CVE-2022-1460 MEDIUM

GitLab 9.2-14.8.5, 14.9-14.9.3, 14.10 - Incorrect Authorization for Scheduled Pipelines

Previous Page 87 of 124 Next

Details

Vulnerabilities 3,098

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy