CWE-863 (授权机制不正确) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-47077	authentik cross-provider token validation problems — authentik	6.5	Medium	2024-09-27
CVE-2024-9136	Huawei HarmonyOS 安全漏洞 — HarmonyOS	6.7	Medium	2024-09-27
CVE-2024-9155	Insufficient Authorization On Unlinked Channel Files — Mattermost	4.3	Medium	2024-09-26
CVE-2024-7108	Incorrect Authorization in National Keep's CyberMath — CyberMath	8.1^AI	High^AI	2024-09-26
CVE-2024-20510	Cisco IOS XE Software 安全漏洞 — Cisco IOS XE Software	4.7	Medium	2024-09-25
CVE-2024-6512	Devolutions Server 安全漏洞 — Devolutions Server	6.5^AI	Medium^AI	2024-09-25
CVE-2024-6593	WatchGuard Firebox Single Sign-On Agent Management Interface Authentication Bypass — Authentication Gateway	9.1	Critical	2024-09-25
CVE-2024-8606	Fix 2FA bypass via RestAPI — Checkmk	6.5^AI	Medium^AI	2024-09-23
CVE-2024-47160	JetBrains YouTrack 安全漏洞 — YouTrack	4.3	Medium	2024-09-19
CVE-2024-47159	JetBrains YouTrack 安全漏洞 — YouTrack	4.3	Medium	2024-09-19
CVE-2024-2743	Incorrect Authorization in GitLab — GitLab	5.3	Medium	2024-09-12
CVE-2024-8691	PAN-OS: User Impersonation in GlobalProtect Portal — PAN-OS	6.5^AI	Medium^AI	2024-09-11
CVE-2024-4465	Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 — Guardian	6.0	Medium	2024-09-11
CVE-2024-42423	Dell ThinOS 安全漏洞 — Wyse Proprietary OS (Modern ThinOS)	6.1	Medium	2024-09-10
CVE-2024-6979	AXIS OS 安全漏洞 — AXIS OS	6.8	Medium	2024-09-10
CVE-2024-44114	Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP Platform	2.0	Low	2024-09-10
CVE-2024-45588	Information Disclosure Vulnerability — XTS Web Trader	7.1	-	2024-09-03
CVE-2024-45587	Unauthorized Modification Vulnerability — XTS Web Trader	8.8	-	2024-09-03
CVE-2024-45586	Account Take Over Vulnerability — XTS Web Trader	8.8	-	2024-09-03
CVE-2024-38868	Incorrect Authorization — Endpoint Central	7.6	High	2024-08-30
CVE-2024-41964	Insufficient permission checks in the language settings in Kirby CMS — kirby	8.1	High	2024-08-29
CVE-2024-45037	AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template — aws-cdk	6.4	Medium	2024-08-27
CVE-2024-8011	Logitech Options 安全漏洞 — Options+	7.1^AI	High^AI	2024-08-25
CVE-2024-38869	Incorrect Authorization — Endpoint Central	8.3	High	2024-08-23
CVE-2024-7836	Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication — Themify Builder	4.3	Medium	2024-08-22
CVE-2024-7604	Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability — Unified SecOps Platform	7.8^AI	High^AI	2024-08-21
CVE-2024-6337	Incorrect Authorization allows read access to issues in GitHub Enterprise Server — GitHub Enterprise Server	4.3^AI	Medium^AI	2024-08-20
CVE-2024-7711	GitHub Enterprise Server 安全漏洞 — GitHub Enterprise Server	5.3^AI	Medium^AI	2024-08-20
CVE-2024-39690	Capsule tenant owner with "patch namespace" permission can hijack system namespaces — capsule	8.5	High	2024-08-20
CVE-2024-43250	WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Plugin Settings Change vulnerability — Bit Form Pro	7.1	High	2024-08-19

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-863 (授权机制不正确) — Vulnerability Class 1242