Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863

CVE-2021-40639 HIGH

Jfinal CMS 5.1.0 - Incorrect Authorization via /classes/conf/db.properties

CVE-2021-39206 HIGH

Envoy < 1.16.5 - Incorrect Authorization

CVE-2021-28911 CRITICAL

BAB TECHNOLOGIE eibPort V3 < 3.9.1 - Unauthenticated Sensitive Data Exposure in /tmp Path

CVE-2021-22239 MEDIUM

GitLab 14.0.0-14.0.7 - Unauthenticated Metadata Injection in Issue Creation

CVE-2021-28567 MEDIUM

Magento < 2.4.2 - Authenticated Improper Authorization in Customers Module

CVE-2021-35526 MEDIUM

Hitachi ABB Power Grids System Data Manager - Info Disclosure

CVE-2021-1854 MEDIUM

iPadOS < 14.5 - Unauthenticated Call Termination Bypass

CVE-2021-35949 MEDIUM

ownCloud Server <10.8.0 - Auth Bypass

CVE-2021-38312 HIGH

Gutenberg Template Library & Redux Framework <= 4.2.11 - Auth Bypass

CVE-2021-39119 MEDIUM

Atlassian Jira Server and Data Center < 8.19.0 - Broken Access Control in Issue Notification Feature

CVE-2021-36039 MEDIUM

Magento Commerce <2.4.2-2.3.7 - Info Disclosure

CVE-2021-39164 LOW

Matrix Synapse < 1.41.1 - Unauthenticated Exposure of Room Membership via History Visibility

CVE-2021-39163 LOW

Matrix Synapse < 1.41.1 - Unauthenticated Exposure of Sensitive Room Information via Group Endpoints

CVE-2021-34434 MEDIUM

Eclipse Mosquitto 2.0-2.0.11 - Improper Authorization in Dynamic Security Plugin

CVE-2021-28696 MEDIUM

Xen - Incorrect Authorization in IOMMU Page Mapping

CVE-2021-22256 MEDIUM

GitLab 12.6.0-13.12.8 - Unauthenticated Issue Creation for Sentry Errors

CVE-2021-22247 MEDIUM

GitLab 13.0.0-13.12.9 - Incorrect Authorization for CI/CD Analytics

CVE-2021-22243 MEDIUM

GitLab 7.10.0-13.12.8 - Incorrect Authorization via Invite URL

CVE-2021-22236 MEDIUM

GitLab 14.1.0-14.1.1 - Incorrect Authorization via OAuth Client ID Handling

CVE-2021-39156 HIGH

Istio < 1.9.8 - Authorization Bypass via URI Fragment

CVE-2021-39155 HIGH

Istio < 1.9.8 - Authorization Policy Bypass via Case-Sensitive Hostname Comparison

CVE-2021-32779 HIGH

Envoy 1.16.0-1.16.4 - Privilege Escalation via URI Fragment Mishandling

CVE-2021-32777 HIGH

Envoy 1.16.0-1.16.4 - Authorization Bypass via Ext-Authz Header Merging

CVE-2021-30987 MEDIUM

macOS Monterey <12.1 - Info Disclosure

CVE-2021-30975 HIGH

macOS < 10.15.7 and 11.0-11.6.2 - Gatekeeper Bypass via Malicious OSAX Scripting Addition

Previous Page 96 of 125 Next

Details

Vulnerabilities 3,104

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy