CWE-285 (Improper Authorization) — Vulnerability Class 967

967 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-21026 | Magento Commerce Incorrect permissions Could Lead To Unauthorized Access — Magento Commerce | 4.9 | - | 2021-02-11 |
| CVE-2020-24674 | Improper Authorization in Symphony Plus — ABB Ability™ Symphony® Plus Operations | 8.8 | High | 2020-12-22 |
| CVE-2020-8920 | Overoptimization leads to private information leak in Gerrit — Gerrit | 3.5 | Low | 2020-12-10 |
| CVE-2020-8919 | Information leakage in Gerrit — Gerrit | 3.5 | Low | 2020-12-10 |
| CVE-2020-26246 | Authorization bypass in Pimcore — pimcore | 7.7 | High | 2020-12-03 |
| CVE-2020-9049 | victor Web Client and C•CURE Web Client JSON Web Token (JWT) Vulnerability — victor Web Client version 5.6 and prior | 7.1 | High | 2020-11-19 |
| CVE-2020-2050 | PAN-OS: Authentication bypass vulnerability in GlobalProtect SSL VPN client certificate verification — PAN-OS | 8.2 | High | 2020-11-12 |
| CVE-2020-24404 | Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API — Magento Commerce | 2.7 | Low | 2020-11-09 |
| CVE-2020-24405 | Incorrect permissions in Inventory module could lead to unauthorized modification of inventory stock data — Magento Commerce | 4.3 | Medium | 2020-11-09 |
| CVE-2020-24403 | Incorrect permissions could lead to unauthorized modification of inventory source data via REST API — Magento Commerce | 2.7 | Low | 2020-11-09 |
| CVE-2020-24431 | Acrobat Reader DC for macOS Dynamic Library Injection Vulnerability — Acrobat Reader | 4.4 | Medium | 2020-11-05 |
| CVE-2020-1908 | Facebook WhatsApp authorization issue vulnerability — WhatsApp Business for iOS | 4.6 | - | 2020-11-03 |
| CVE-2020-26183 | Dell EMC NetWorker authorization issue vulnerability — NetWorker | 6.8 | Medium | 2020-10-16 |
| CVE-2020-9048 | victor Web Client - Arbitrary File Deletion Vulnerability — victor Web Client version 5.4.1 and prior | 7.1 | High | 2020-10-08 |
| CVE-2020-7530 | Schneider Electric SCADAPack security vulnerability — SCADAPack 7x Remote Connect V3.6.3.574 and prior. | 7.8 | - | 2020-09-16 |
| CVE-2020-16096 | Gallagher Group Command Centre security vulnerability — Command Centre | 9.9 | Critical | 2020-09-15 |
| CVE-2020-6311 | SAP 3D visual Enterprise Viewer authorization issue vulnerability — BANKING SERVICES FROM SAP 9.0(Bank Analyzer) | 6.5 | - | 2020-09-09 |
| CVE-2020-10517 | Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names — GitHub Enterprise Server | 4.3 | - | 2020-08-27 |
| CVE-2020-3394 | Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability — Cisco NX-OS Software | 7.8 | - | 2020-08-27 |
| CVE-2020-7583 | Siemens Automation License Manager authorization issue vulnerability — Automation License Manager 5 | 7.1 | - | 2020-08-14 |
| CVE-2020-3374 | Cisco SD-WAN vManage Software Authorization Bypass Vulnerability — Cisco SD-WAN vManage | 8.8 | - | 2020-07-31 |
| CVE-2020-3386 | Cisco Data Center Network Manager Improper Authorization Vulnerability — Cisco Data Center Network Manager | 8.8 | - | 2020-07-31 |
| CVE-2020-14486 | OpenClinic GA — OpenClinic GA | 6.3 | Medium | 2020-07-29 |
| CVE-2020-3150 | Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability — Cisco RV110W Wireless-N VPN Firewall Firmware | 5.9 | - | 2020-07-16 |
| CVE-2020-5356 | Dell PowerProtect Data Manager and PowerProtect X400 authorization issue vulnerability — Power Protect Data Manager | 7.7 | High | 2020-07-06 |
| CVE-2020-15087 | Privilege escalation in Presto — Presto | 7.4 | High | 2020-06-30 |
| CVE-2020-15084 | Authorization bypass in express-jwt — express-jwt | 7.7 | High | 2020-06-30 |
| CVE-2020-10736 | Red Hat Ceph security vulnerability — ceph | 8.0 | High | 2020-06-22 |
| CVE-2020-5362 | Authorization issue vulnerability in multiple Dell products — Dell Client Consumer and Commercial platforms | 7.1 | High | 2020-06-10 |
| CVE-2020-3267 | Cisco Unified Contact Center Express Improper API Authorization Vulnerability — Cisco Unified Contact Center Express | 7.1 | - | 2020-06-03 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 967 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.