CWE-863 (授权机制不正确) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-11176	Incorrect evaluation of effective permissions in M-Files Aino — M-Files Aino	6.5^AI	Medium^AI	2024-11-20
CVE-2024-52584	Autolab has vulnerable submission endpoints — Autolab	5.4^AI	Medium^AI	2024-11-18
CVE-2024-3379	Incorrect Authorization in lunary-ai/lunary — lunary-ai/lunary	7.1	-	2024-11-14
CVE-2024-9693	Incorrect Authorization in GitLab — GitLab	8.5	High	2024-11-14
CVE-2024-50310	Siemens SIMATIC CP 1543-1 安全漏洞 — SIMATIC CP 1543-1 V4.0	7.5	High	2024-11-12
CVE-2024-42000	Unauthorized Access to view channels' details — Mattermost	2.7	Low	2024-11-09
CVE-2024-52314	data.all admin user may access potentially sensitive data stored by producers via logs — data.all	4.9	Medium	2024-11-09
CVE-2024-52312	data.all authenticated users can perform restricted operations against DataSets and Environments — data.all	5.4	Medium	2024-11-09
CVE-2024-10953	data.all authenticated users can perform mutating update operations on persisted notification records — data.all	4.3	Medium	2024-11-09
CVE-2024-10975	Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission — Nomad	7.7	High	2024-11-07
CVE-2024-20537	Cisco Identity Services Engine Authorization Bypass Vulnerability — Cisco Identity Services Engine Software	6.5	Medium	2024-11-06
CVE-2024-9902	Ansible-core: ansible-core user may read/write unauthorized content	6.3	Medium	2024-11-06
CVE-2024-49256	WordPress Htaccess File Editor plugin <= 1.0.18 - Broken Access Control vulnerability — Htaccess File Editor	6.5	Medium	2024-11-01
CVE-2024-49501	OMRON Sysmac Studio 安全漏洞 — SYSMAC-SE2[][][]	9.8^AI	Critical^AI	2024-11-01
CVE-2024-50419	WordPress Greenshift plugin <=9.7 - Broken Access Control vulnerability — Greenshift	5.4	Medium	2024-10-30
CVE-2024-9825	The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token — Chef Habitat Builder	5.4	Medium	2024-10-28
CVE-2024-10295	Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request	7.5	High	2024-10-24
CVE-2024-20482	Cisco Secure Firewall Management Center 安全漏洞 — Cisco Firepower Management Center	6.5	Medium	2024-10-23
CVE-2024-48911	OpenCanary Executes Commands From Potentially Writable Config File — opencanary	8.8^AI	High^AI	2024-10-14
CVE-2024-8970	Incorrect Authorization in GitLab — GitLab	8.2	High	2024-10-11
CVE-2024-45128	Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce	5.4	Medium	2024-10-10
CVE-2024-45132	Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce	6.5	Medium	2024-10-10
CVE-2024-45131	Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce	5.4	Medium	2024-10-10
CVE-2024-45125	Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce	4.3	Medium	2024-10-10
CVE-2024-9623	Incorrect Authorization in GitLab — GitLab	4.9	Medium	2024-10-10
CVE-2024-7048	IDOR in open-webui/open-webui — open-webui/open-webui	8.8^AI	High^AI	2024-10-10
CVE-2024-47780	Information Disclosure in TYPO3 Page Tree — typo3	3.1	Low	2024-10-08
CVE-2024-47616	Pomerium's service account access token may grant unintended access to databroker API — pomerium	6.8	Medium	2024-10-02
CVE-2024-47560	J’s Communication RevoWorks Cloud Client 安全漏洞 — RevoWorks Cloud Client	8.4	-	2024-10-01
CVE-2024-47172	Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints — cvat	5.4	Medium	2024-09-30

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-863 (授权机制不正确) — Vulnerability Class 1242