CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5562 vulnerabilities reference this CWE, most recent first.
GHSA-43G3-JF9M-F6F5
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-08-13 00:00Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.
{
"affected": [],
"aliases": [
"CVE-2021-41976"
],
"database_specific": {
"cwe_ids": [
"CWE-306",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-08T16:15:00Z",
"severity": "MODERATE"
},
"details": "Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.",
"id": "GHSA-43g3-jf9m-f6f5",
"modified": "2022-08-13T00:00:37Z",
"published": "2022-05-24T19:17:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41976"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-5175-a2f8d-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-43JV-MFHV-X3HX
Vulnerability from github – Published: 2022-11-22 03:30 – Updated: 2022-11-26 03:30The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.
{
"affected": [],
"aliases": [
"CVE-2022-41326"
],
"database_specific": {
"cwe_ids": [
"CWE-862",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-22T01:15:00Z",
"severity": "CRITICAL"
},
"details": "The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.",
"id": "GHSA-43jv-mfhv-x3hx",
"modified": "2022-11-26T03:30:26Z",
"published": "2022-11-22T03:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41326"
},
{
"type": "WEB",
"url": "https://www.mitel.com/support/security-advisories"
},
{
"type": "WEB",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-43QC-57R7-5R46
Vulnerability from github – Published: 2022-05-14 00:01 – Updated: 2022-05-25 00:00A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
{
"affected": [],
"aliases": [
"CVE-2022-29854"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-13T14:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.",
"id": "GHSA-43qc-57r7-5r46",
"modified": "2022-05-25T00:00:32Z",
"published": "2022-05-14T00:01:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29854"
},
{
"type": "WEB",
"url": "https://www.mitel.com/support/security-advisories"
},
{
"type": "WEB",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003"
},
{
"type": "WEB",
"url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Jun/32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-43RR-WCJ9-H45W
Vulnerability from github – Published: 2022-02-15 01:44 – Updated: 2022-02-15 01:44A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
{
"affected": [],
"aliases": [
"CVE-2021-20229"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-23T18:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.",
"id": "GHSA-43rr-wcj9-h45w",
"modified": "2022-02-15T01:44:52Z",
"published": "2022-02-15T01:44:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20229"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925296"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-32"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210326-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Incorrect Authorization in PostgreSQL"
}
GHSA-43RX-99W7-V5FH
Vulnerability from github – Published: 2026-04-07 18:31 – Updated: 2026-04-07 18:31OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope. Attackers can exploit the path parameter not being passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools to bypass deny rules and access sensitive files such as configuration files, credentials, and SSH material, or create and overwrite files in restricted host paths in full_auto mode.
{
"affected": [],
"aliases": [
"CVE-2026-22682"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-07T18:16:39Z",
"severity": "HIGH"
},
"details": "OpenHarness prior to commit 166fcfe\u00a0contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope. Attackers can exploit the path parameter not being passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools to bypass deny rules and access sensitive files such as configuration files, credentials, and SSH material, or create and overwrite files in restricted host paths in full_auto mode.",
"id": "GHSA-43rx-99w7-v5fh",
"modified": "2026-04-07T18:31:38Z",
"published": "2026-04-07T18:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22682"
},
{
"type": "WEB",
"url": "https://github.com/HKUDS/OpenHarness/pull/32"
},
{
"type": "WEB",
"url": "https://github.com/HKUDS/OpenHarness/commit/166fcfefb7614dbac51bd061f56542725b0298e9"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openharness-improper-access-control-via-file-tools"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-43VJ-HHQ4-8C72
Vulnerability from github – Published: 2025-01-29 12:31 – Updated: 2025-09-29 18:33Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.
{
"affected": [],
"aliases": [
"CVE-2024-41140"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-29T12:15:28Z",
"severity": "HIGH"
},
"details": "Zohocorp ManageEngine Applications Manager versions\u00a0174000 and prior are vulnerable to the incorrect authorization in the update user function.",
"id": "GHSA-43vj-hhq4-8c72",
"modified": "2025-09-29T18:33:10Z",
"published": "2025-01-29T12:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41140"
},
{
"type": "WEB",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-41140.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4427-7F3W-MQV6
Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2024-09-27 17:42An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "keystone"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "keystone"
},
"ranges": [
{
"events": [
{
"introduced": "16.0.0"
},
{
"fixed": "16.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0.0"
]
}
],
"aliases": [
"CVE-2020-12691"
],
"database_specific": {
"cwe_ids": [
"CWE-311",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-29T10:24:16Z",
"nvd_published_at": "2020-05-07T00:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.",
"id": "GHSA-4427-7f3w-mqv6",
"modified": "2024-09-27T17:42:40Z",
"published": "2022-05-24T17:17:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12691"
},
{
"type": "WEB",
"url": "https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548"
},
{
"type": "WEB",
"url": "https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5"
},
{
"type": "WEB",
"url": "https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/keystone/+bug/1872733"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/keystone"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.openstack.org/ossa/OSSA-2020-004.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4480-1"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2020/05/06/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/05/07/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID"
}
GHSA-446F-X529-8HW2
Vulnerability from github – Published: 2026-04-14 12:31 – Updated: 2026-04-14 21:31Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.
{
"affected": [],
"aliases": [
"CVE-2026-24069"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T12:16:20Z",
"severity": "MODERATE"
},
"details": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.",
"id": "GHSA-446f-x529-8hw2",
"modified": "2026-04-14T21:31:46Z",
"published": "2026-04-14T12:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24069"
},
{
"type": "WEB",
"url": "https://r.sec-consult.com/kiuwanlock"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2026/Apr/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4478-2HCG-975M
Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.2), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.2), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). The "Load Rollback" functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to make the affected product roll back configuration changes made by privileged users.
{
"affected": [],
"aliases": [
"CVE-2025-40567"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T16:15:38Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions \u003c V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions \u003c V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions \u003c V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions \u003c V3.2), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions \u003c V3.2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions \u003c V3.2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions \u003c V3.2), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions \u003c V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions \u003c V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions \u003c V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions \u003c V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions \u003c V3.2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions \u003c V3.2), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions \u003c V3.2), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions \u003c V3.2), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions \u003c V3.2), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions \u003c V3.2), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions \u003c V3.2), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions \u003c V3.2), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions \u003c V3.2), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions \u003c V3.2), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions \u003c V3.2), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions \u003c V3.2), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions \u003c V3.2), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions \u003c V3.2), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions \u003c V3.2), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions \u003c V3.2), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions \u003c V3.2), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions \u003c V3.2), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions \u003c V3.2), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions \u003c V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions \u003c V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions \u003c V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions \u003c V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions \u003c V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions \u003c V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions \u003c V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions \u003c V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions \u003c V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions \u003c V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions \u003c V3.2). The \"Load Rollback\" functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with \"guest\" role to make the affected product roll back configuration changes made by privileged users.",
"id": "GHSA-4478-2hcg-975m",
"modified": "2025-06-10T18:32:25Z",
"published": "2025-06-10T18:32:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40567"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693776.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4486-RQPC-38G7
Vulnerability from github – Published: 2025-11-18 12:30 – Updated: 2025-11-19 21:31Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.
{
"affected": [],
"aliases": [
"CVE-2025-41346"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-18T10:15:49Z",
"severity": "CRITICAL"
},
"details": "Faulty authorization control in software WinPlus v24.11.27 by Inform\u00e1tica del Este that allows another user to be impersonated simply by knowing their \u0027numerical ID\u0027, meaning that an attacker could compromise another user\u0027s account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.",
"id": "GHSA-4486-rqpc-38g7",
"modified": "2025-11-19T21:31:18Z",
"published": "2025-11-18T12:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41346"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.