Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,099 vulnerabilities with CWE-863

CVE-2021-32986 CRITICAL

Automation Direct CLICK PLC CPU <3.00 - Privilege Escalation

CVE-2021-32960 HIGH

Rockwellautomation Factorytalk Services Platform < 6.11.00 - Incorrect Authorization

CVE-2021-28504 HIGH

Arista EOS 4.26-4.26.4m - Improper Access Control via TCAM Profile VXLAN Protocol Rule

CVE-2021-37517 HIGH

Dolibarr ERP/CRM < 14.0.1 - Denial of Service via Forgot-Password Email Handling

CVE-2021-3456 HIGH

Foreman smart_proxy_salt < 2.1.5 - Authenticated Incorrect Authorization

CVE-2021-39790 HIGH

Android 12L - Unauthenticated Local Privilege Escalation via Visual Voicemail Settings Manipulation

CVE-2021-39789 HIGH

Android 12L - Incorrect Authorization in Telecom

CVE-2021-39876 MEDIUM

GitLab 11.3-14.1.7 - Unauthenticated Information Disclosure via Assignee Auto-Complete Endpoint

CVE-2021-20290 MEDIUM

Foreman OpenSCAP < 0.9.1 - Authenticated Incorrect Authorization and Denial of Service

CVE-2021-24905 HIGH

Advanced Contact form 7 DB <1.8.7 - CSRF

CVE-2021-41233 MEDIUM

Nextcloud <22.2.1 - Info Disclosure

CVE-2021-41241 MEDIUM

Nextcloud Server < 20.0.14 - Missing Authorization in Groupfolders Subfolder Access

CVE-2021-24824 MEDIUM

Custom Content Shortcode <4.0.1 - Info Disclosure

CVE-2021-3658 MEDIUM

bluez < 5.61 - Incorrect Authorization via Discoverable Status Persistence

CVE-2021-3560 HIGH KEV

polkit < 0.119 - Unauthenticated Privilege Escalation via D-Bus Request

CVE-2021-22042 HIGH

VMware Cloud Foundation 4.0-4.3 - Unauthorized Access via VMX Authorization Ticket

CVE-2021-39943 MEDIUM

GitLab 14.1.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Incorrect Authorization in External Status Check API

CVE-2021-24947 MEDIUM

RVM WordPress <6.4.2 - Info Disclosure

CVE-2021-29394 MEDIUM

Northstar Club Management 6.3 - Authenticated Account Hijacking via UserID Parameter

CVE-2021-41571 MEDIUM

Apache Pulsar < 2.6.4 - Incorrect Authorization in Admin API get-message-by-id

CVE-2021-25097 MEDIUM

LabTools < 1.0 - Authenticated Cross-Site Request Forgery in Publication Deletion

CVE-2021-46561 HIGH

CVE Services API 1.1.1 - Incorrect Authorization via User Account Transfer

CVE-2021-4133 HIGH

Keycloak 12.0.0-15.1.0 - Incorrect Authorization via Administrative REST API

CVE-2021-24733 MEDIUM

WP Post Page Clone <1.2 - Info Disclosure

CVE-2021-37864 LOW

Mattermost < 6.1 - Authenticated Improper Access Control via Archived Channel API

Previous Page 92 of 124 Next

Details

Vulnerabilities 3,099

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy