CWE-285
Improper Authorization
Description
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-104 · CAPEC-127 · CAPEC-13 · CAPEC-17 · CAPEC-39 · CAPEC-402 · CAPEC-45 · CAPEC-5 · CAPEC-51 · CAPEC-59 · CAPEC-60 · CAPEC-647 · CAPEC-668 · CAPEC-76 · CAPEC-77 · CAPEC-87
CVEs mapped to this weakness (812)
page 1 of 41

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33105 | | Critical | 0.65 | 10.0 | 0.01 | | Apr 3, 2026 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-32213 | | Critical | 0.65 | 10.0 | 0.01 | | Apr 3, 2026 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2016-5788 | | Critical | 0.65 | 10.0 | 0.02 | | Nov 25, 2016 | General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. |
| CVE-2026-30496 | | Critical | 0.64 | 9.8 | 0.00 | | May 7, 2026 | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including… |
| CVE-2025-31255 | | Critical | 0.64 | 9.8 | 0.01 | | Sep 15, 2025 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to access sensitive user data. |
| CVE-2025-7778 | | Critical | 0.64 | 9.8 | 0.01 | | Aug 15, 2025 | The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to… |
| CVE-2025-4631 | | Critical | 0.64 | 9.8 | 0.01 | | May 31, 2025 | The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the save_object_as_user() function for objects whose '_datatype' is set… |
| CVE-2025-3918 | | Critical | 0.64 | 9.8 | 0.00 | | May 3, 2025 | The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. The plugin's registration handler reads the client-supplied $_POST['user_role'] and passes it directly to… |
| CVE-2025-2345 | | Critical | 0.64 | 9.8 | 0.01 | | Mar 16, 2025 | A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early… |
| CVE-2024-28285 | | Critical | 0.64 | 9.8 | 0.01 | | May 14, 2024 | A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9 allows an attacker who co-resides on the same system with a victim process to disclose information and escalate privileges. |
| CVE-2017-16743 | | Critical | 0.64 | 9.8 | 0.03 | | Jan 12, 2018 | An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service… |
| CVE-2017-6044 | | Critical | 0.64 | 9.8 | 0.04 | | Jun 30, 2017 | An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to… |
| CVE-2016-0922 | | Critical | 0.64 | 9.8 | 0.01 | | Sep 18, 2016 | EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. |
| CVE-2016-6825 | | Critical | 0.64 | 9.8 | 0.02 | | Sep 7, 2016 | Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote… |
| CVE-2016-5799 | | Critical | 0.64 | 9.8 | 0.04 | | Aug 24, 2016 | Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| CVE-2026-33823 | | Critical | 0.62 | 9.6 | 0.01 | | May 7, 2026 | Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. |
| CVE-2017-11398 | | High | 0.61 | 8.8 | 0.08 | | Jan 19, 2018 | A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. |
| CVE-2026-45052 | — | Critical | 0.59 | — | — | | Jun 24, 2026 | An Improper Authorization (CWE-285) issue in OpenAM's Liberty Web Services SOAP receiver allows an unauthenticated remote attacker to write persistent entries into the Liberty Discovery store on any user's LDAP entry, and into a shared root-realm… |
| CVE-2026-48579 | | Critical | 0.59 | 9.1 | 0.01 | | Jun 4, 2026 | Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. |
| CVE-2019-19723 | | Critical | 0.59 | — | 0.00 | | Sep 4, 2020 | All versions of `passport-cognito` are vulnerable to Improper Authorization. The package fails to properly scope the variables containing authorization information, such as access token, refresh token and ID token. This causes a race condition where simultaneous authenticated… |