CWE-285
Improper Authorization
Description
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
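As an added illustration (not part of the CWE entry or of any project listed below), the following Python shows the weakness and its fix side by side: a handler that only confirms the caller is logged in, next to one that makes an explicit, deny-by-default authorization decision for the specific object and the specific action. It also covers the two shapes the entries below take, a missing check on a resource (who may read this document) and a missing check on an action (who may delete it). All users, documents, roles and rule names are constructed sample data.

```python
"""Missing vs. enforced authorization check (CWE-285), self-contained example.

`get_document_vulnerable` verifies *authentication* only; `get_document` and
`delete_document` route every decision through one deny-by-default `authorize`
function.  Users, documents and roles are constructed, not from a real system.
"""
from dataclasses import dataclass
from typing import Optional


class AuthorizationError(PermissionError):
    """Raised when an actor may not perform an action on a resource."""


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = frozenset()


@dataclass
class Document:
    doc_id: int
    owner: str
    body: str
    shared_with: frozenset = frozenset()


# Constructed sample data (hypothetical users and documents).
USERS = {
    "alice": User("alice"),
    "bob": User("bob"),
    "root": User("root", frozenset({"admin"})),
}
DOCUMENTS = {
    1: Document(1, "alice", "alice's private notes"),
    2: Document(2, "alice", "quarterly plan", shared_with=frozenset({"bob"})),
    3: Document(3, "bob", "bob's draft"),
}

# What a non-owner needs for each action; owners are always allowed on their own docs.
ACTION_RULES = {
    "read": lambda actor, doc: actor.name in doc.shared_with or "admin" in actor.roles,
    "delete": lambda actor, doc: "admin" in actor.roles,
}


def get_document_vulnerable(actor: Optional[User], doc_id: int) -> Document:
    """CWE-285: only checks that *someone* is logged in.  Any authenticated user can
    fetch any document by guessing its id (an insecure direct object reference)."""
    if actor is None:
        raise AuthorizationError("login required")
    return DOCUMENTS[doc_id]


def authorize(actor: Optional[User], action: str, doc: Document) -> bool:
    """Single decision point.  Anonymous callers and unknown actions are denied before
    ownership is even considered, so a new action added without a rule is closed, not open."""
    if actor is None or action not in ACTION_RULES:
        return False
    if doc.owner == actor.name:
        return True
    return bool(ACTION_RULES[action](actor, doc))


def get_document(actor: Optional[User], doc_id: int) -> Document:
    """Hardened handler: resolve the object, then authorize the caller for *this* object."""
    doc = DOCUMENTS.get(doc_id)
    # Same error for 'missing' and 'forbidden' so the endpoint cannot enumerate valid ids.
    if doc is None or not authorize(actor, "read", doc):
        raise AuthorizationError(f"read denied for doc {doc_id}")
    return doc


def delete_document(actor: Optional[User], doc_id: int) -> bool:
    """Action-level check: deleting needs ownership or the admin role."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or not authorize(actor, "delete", doc):
        raise AuthorizationError(f"delete denied for doc {doc_id}")
    del DOCUMENTS[doc_id]
    return True


def can(actor_name: Optional[str], action: str, doc_id: int) -> bool:
    """Decision as a bool (no exception), for checks and tests."""
    doc = DOCUMENTS.get(doc_id)
    actor = USERS.get(actor_name) if actor_name else None
    return doc is not None and authorize(actor, action, doc)


def is_denied(handler, actor_name: Optional[str], doc_id: int) -> bool:
    """True if `handler` refuses the call with AuthorizationError."""
    actor = USERS.get(actor_name) if actor_name else None
    try:
        handler(actor, doc_id)
    except AuthorizationError:
        return True
    return False


if __name__ == "__main__":
    bob = USERS["bob"]
    print("vulnerable:", get_document_vulnerable(bob, 1).body)   # alice's private notes leak
    print("hardened denies bob on doc 1:", is_denied(get_document, "bob", 1))
```

The point to take from the hardened path is structural rather than the particular rules: the check names the actor, the action and the concrete object, it runs after the object is resolved (so it cannot be bypassed by an id the handler never looked at), and anything not explicitly allowed is refused.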
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-104 · CAPEC-127 · CAPEC-13 · CAPEC-17 · CAPEC-39 · CAPEC-402 · CAPEC-45 · CAPEC-5 · CAPEC-51 · CAPEC-59 · CAPEC-60 · CAPEC-647 · CAPEC-668 · CAPEC-76 · CAPEC-77 · CAPEC-87
CVEs mapped to this weakness (812)
page 4 of 41

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49594 | — | Critical | 0.53 | — | 0.01 | — | Oct 6, 2025 | XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it… |
| CVE-2025-3921 | — | High | 0.53 | 8.2 | 0.00 | — | May 7, 2025 | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update… |
| CVE-2025-27509 | — | Critical | 0.53 | — | 0.01 | — | Mar 6, 2025 | fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is… |
| CVE-2024-52528 | — | Critical | 0.53 | — | 0.01 | — | Nov 15, 2024 | Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is… |
| CVE-2022-0993 | — | High | 0.53 | 8.1 | 0.07 | — | Apr 19, 2022 | The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects… |
| CVE-2016-7143 | — | High | 0.53 | 8.1 | 0.01 | — | Sep 21, 2016 | The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. |
| CVE-2026-47298 | — | High | 0.52 | 8.0 | 0.01 | — | Jun 9, 2026 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2026-43515 | — | Critical | 0.52 | 9.1 | 0.01 | — | May 12, 2026 | Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0… |
| CVE-2026-27912 | — | High | 0.52 | 8.0 | 0.00 | — | Apr 14, 2026 | Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. |
| CVE-2026-33186 | — | Critical | 0.52 | 9.1 | 0.01 | — | Mar 20, 2026 | gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path`… |
| CVE-2024-45337 | — | Critical | 0.52 | 9.1 | 0.03 | — | Dec 12, 2024 | Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee… |
| CVE-2024-38821 | — | Critical | 0.52 | 9.1 | 0.02 | — | Oct 28, 2024 | Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: * It must be a WebFlux application * It must be using Spring's… |
| CVE-2023-50780 | — | High | 0.52 | 8.8 | 0.17 | — | Oct 14, 2024 | Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative… |
| CVE-2026-45490 | — | High | 0.51 | 7.8 | 0.00 | — | Jun 9, 2026 | Improper authorization in .NET allows an authorized attacker to elevate privileges locally. |
| CVE-2026-42902 | — | High | 0.51 | 7.8 | 0.00 | — | Jun 9, 2026 | Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally. |
| CVE-2026-0072 | — | High | 0.51 | 7.8 | 0.00 | — | Jun 1, 2026 | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2024-0077 | — | High | 0.51 | 7.8 | 0.00 | — | Mar 27, 2024 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges,… |
| CVE-2014-9950 | — | High | 0.51 | 7.8 | 0.00 | — | Jun 6, 2017 | In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. |
| CVE-2014-9945 | — | High | 0.51 | 7.8 | 0.00 | — | Jun 6, 2017 | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. |
| CVE-2016-8443 | — | High | 0.51 | 7.8 | 0.00 | — | Jan 12, 2017 | Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185. |