CWE-863 (授权机制不正确) — Vulnerability Class 1255

1255 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-28098	Apache Pulsar: Improper Authorization For Topic-Level Policy Management — Apache Pulsar	6.4	Medium	2024-03-12
CVE-2023-45793	Siemens Siveillance Control 安全漏洞 — Siveillance Control	5.5	Medium	2024-03-12
CVE-2024-22133	Improper Access Control in SAP Fiori Front End Server — SAP Fiori Front End Server	4.6	Medium	2024-03-12
CVE-2024-28229	JetBrains YouTrack 安全漏洞 — YouTrack	6.5	Medium	2024-03-07
CVE-2024-0199	Incorrect Authorization in GitLab — GitLab	7.7	High	2024-03-07
CVE-2024-27933	Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass — deno	8.3	High	2024-03-06
CVE-2024-27915	Sulu grants access to pages regardless of role permissions — sulu	6.8	Medium	2024-03-06
CVE-2024-27288	1Panel open source panel project has an unauthorized vulnerability. — 1Panel	6.3	Medium	2024-03-06
CVE-2024-24761	Galette public pages accessibility restriction — galette	7.5	High	2024-03-06
CVE-2024-28174	JetBrains TeamCity 安全漏洞 — TeamCity	5.8	Medium	2024-03-06
CVE-2024-27138	Apache Archiva: disabling user registration is not effective — Apache Archiva	7.5	-	2024-03-01
CVE-2024-27139	Apache Archiva: incorrect authentication potentially leading to account takeover — Apache Archiva	9.1	-	2024-03-01
CVE-2023-47716	IBM FileNet Content Manager privilege escalation — Filenet Content Manager	6.3	Medium	2024-03-01
CVE-2024-26016	Apache Superset: Improper authorization validation on dashboards and charts import — Apache Superset	4.3	Medium	2024-02-28
CVE-2024-24779	Apache Superset: Improper data authorization when creating a new dataset — Apache Superset	5.0	Medium	2024-02-28
CVE-2024-24773	Apache Superset: Improper validation of SQL statements allows for unauthorized access to data — Apache Superset	4.9	Medium	2024-02-28
CVE-2023-3509	Incorrect Authorization in GitLab — GitLab	3.7	Low	2024-02-21
CVE-2024-26145	Uninvited user is able to join and mark the attendance of the the private event — discourse-calendar	6.5	Medium	2024-02-21
CVE-2023-46241	Potential account take over due to unverified emails from Microsoft Identity Platform — discourse-microsoft-auth	9.1	Critical	2024-02-21
CVE-2024-25604	Liferay Portal和Liferay DXP 安全漏洞 — Portal	6.5	Medium	2024-02-20
CVE-2024-25149	Liferay Portal和Liferay DXP 安全漏洞 — Portal	5.4	Medium	2024-02-20
CVE-2024-1482	Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution — Enterprise Server	7.1	High	2024-02-14
CVE-2024-24966	F5OS vulnerability — F5OS - Appliance	6.2	Medium	2024-02-14
CVE-2023-6152	Grafana 安全漏洞 — Grafana	5.4	Medium	2024-02-13
CVE-2024-24774	Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) — Mattermost	3.4	Low	2024-02-09
CVE-2023-43609	Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authorization — Rosemount GC370XA	6.9	Medium	2024-02-09
CVE-2023-51761	Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authentication — Rosemount GC370XA	8.3	High	2024-02-09
CVE-2023-6564	Incorrect Authorization in GitLab — GitLab	6.5	Medium	2024-02-08
CVE-2024-22208	phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes — phpMyFAQ	6.5	Medium	2024-02-05
CVE-2023-32967	QTS, QuTScloud — QuTScloud	5.0	Medium	2024-02-02

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1255 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-863 (授权机制不正确) — Vulnerability Class 1255