Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-285:Improper Authorization
Weakness ID:285
Version:v4.17
Weakness Name:Improper Authorization
Vulnerability Mapping:Discouraged
Abstraction:Class
Structure:Simple
Status:Draft
Likelihood of Exploit:High
DetailsContent HistoryObserved CVE ExamplesReports
1057Vulnerabilities found
CVE-2016-5420
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.60%
||
7 Day CHG~0.00%
Published-10 Aug, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

Action-Not Available
Vendor-n/aDebian GNU/LinuxopenSUSECURL
Product-debian_linuxleaplibcurln/a
CWE ID-CWE-285
Improper Authorization
CVE-2016-4531
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-20.96% / 95.52%
||
7 Day CHG~0.00%
Published-28 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Action-Not Available
Vendor-n/aRockwell Automation, Inc.
Product-factorytalk_energrymetrixn/a
CWE ID-CWE-285
Improper Authorization
CVE-2016-1711
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.78% / 82.40%
||
7 Day CHG~0.00%
Published-23 Jul, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-285
Improper Authorization
CVE-2016-1710
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.28% / 79.32%
||
7 Day CHG~0.00%
Published-23 Jul, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-285
Improper Authorization
CVE-2014-2349
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.2||MEDIUM
EPSS-0.11% / 28.99%
||
7 Day CHG~0.00%
Published-22 May, 2014 | 20:00
Updated-31 Oct, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emerson DeltaV Use of Improper Authorization

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

Action-Not Available
Vendor-emersonEmerson
Product-deltavDeltaV
CWE ID-CWE-285
Improper Authorization
CVE-2025-11030
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 9.59%
||
7 Day CHG-0.04%
Published-Not Available
Updated-29 Sep, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

Action-Not Available
Vendor-
Product-
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10319
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.49%
||
7 Day CHG~0.00%
Published-Not Available
Updated-31 Dec, 2025 | 01:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-jeecg
Product-jeecg_boot
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
  • Previous
  • 1
  • 2
  • ...
  • 20
  • 21
  • 22
  • Next