CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5501 vulnerabilities reference this CWE, most recent first.
GHSA-XJ63-5V6J-3XR7
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.
{
"affected": [],
"aliases": [
"CVE-2019-11684"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-26T16:15:00Z",
"severity": "CRITICAL"
},
"details": "Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 \u003c v3.71.0034 and v3.81 \u003c 3.81.0050; DIVAR IP 5000 3.80 \u003c 3.80.0039; BVMS all versions using VRM.",
"id": "GHSA-xj63-5v6j-3xr7",
"modified": "2022-05-24T17:43:05Z",
"published": "2022-05-24T17:43:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11684"
},
{
"type": "WEB",
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-804652.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XJ9W-5R6Q-X6V4
Vulnerability from github – Published: 2026-04-03 02:59 – Updated: 2026-05-06 23:25Summary
Device-Paired Node Skips Node Scope Gate → Host RCE.md
Current Maintainer Triage
- Status: open
- Normalized severity: high
- Assessment: Real in shipped v2026.3.28 because a merely device-paired node could expose node commands without node pairing, but high is sufficient given the pairing/setup prerequisites.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version:
2026.3.31 - Vulnerable version range:
<=2026.3.28 - Patched versions:
>= 2026.3.31 - First stable tag containing the fix:
v2026.3.31
Fix Commit(s)
3886b65ef21d02808c1a106fa1f9f69e22f71c32— 2026-03-30T17:29:28+01:00
OpenClaw thanks @AntAISecurityLab for reporting.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.3.28"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.31"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41352"
],
"database_specific": {
"cwe_ids": [
"CWE-862",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-03T02:59:03Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\nDevice-Paired Node Skips Node Scope Gate \u2192 Host RCE.md\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: Real in shipped v2026.3.28 because a merely device-paired node could expose node commands without node pairing, but high is sufficient given the pairing/setup prerequisites.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.28`\n- Patched versions: `\u003e= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `3886b65ef21d02808c1a106fa1f9f69e22f71c32` \u2014 2026-03-30T17:29:28+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
"id": "GHSA-xj9w-5r6q-x6v4",
"modified": "2026-05-06T23:25:17Z",
"published": "2026-04-03T02:59:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xj9w-5r6q-x6v4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41352"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/3886b65ef21d02808c1a106fa1f9f69e22f71c32"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-node-scope-gate-bypass"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Device-Paired Node Skips Node Scope Gate \u2192 Host RCE.md"
}
GHSA-XJF9-FCQR-8Q9X
Vulnerability from github – Published: 2022-05-24 19:21 – Updated: 2022-10-27 19:00Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.
{
"affected": [],
"aliases": [
"CVE-2021-36909"
],
"database_specific": {
"cwe_ids": [
"CWE-862",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-18T15:15:00Z",
"severity": "HIGH"
},
"details": "Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions \u003c= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.",
"id": "GHSA-xjf9-fcqr-8q9x",
"modified": "2022-10-27T19:00:29Z",
"published": "2022-05-24T19:21:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36909"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/wp-reset/wordpress-wp-reset-pro-premium-plugin-5-98-authenticated-database-reset-vulnerability"
},
{
"type": "WEB",
"url": "https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed"
},
{
"type": "WEB",
"url": "https://wpreset.com/changelog"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJH2-3FRJ-5Q52
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-06-29 00:00An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
{
"affected": [],
"aliases": [
"CVE-2021-25229"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-04T20:15:00Z",
"severity": "MODERATE"
},
"details": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.",
"id": "GHSA-xjh2-3frj-5q52",
"modified": "2022-06-29T00:00:47Z",
"published": "2022-05-24T17:41:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25229"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-104"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XJMX-CPRH-646R
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2025-05-29 14:09An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "mantisbt/mantisbt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-25781"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-29T14:09:17Z",
"nvd_published_at": "2020-09-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.",
"id": "GHSA-xjmx-cprh-646r",
"modified": "2025-05-29T14:09:17Z",
"published": "2022-05-24T17:29:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25781"
},
{
"type": "PACKAGE",
"url": "https://github.com/mantisbt/mantisbt"
},
{
"type": "WEB",
"url": "https://mantisbt.org/bugs/view.php?id=27039"
},
{
"type": "WEB",
"url": "http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93"
},
{
"type": "WEB",
"url": "http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "MantisBT unauthorized users able to access private files"
}
GHSA-XM23-F7V4-5J82
Vulnerability from github – Published: 2026-04-07 15:30 – Updated: 2026-04-07 15:30An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (5.3 Medium). This issue was fixed in version 4.0.260204.2 of the runZero Platform.
{
"affected": [],
"aliases": [
"CVE-2026-5380"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-07T15:17:48Z",
"severity": "MODERATE"
},
"details": "An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of\nCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (5.3 Medium). This issue was fixed in version 4.0.260204.2 of the runZero Platform.",
"id": "GHSA-xm23-f7v4-5j82",
"modified": "2026-04-07T15:30:52Z",
"published": "2026-04-07T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5380"
},
{
"type": "WEB",
"url": "https://help.runzero.com/docs/release-notes/#402602042"
},
{
"type": "WEB",
"url": "https://www.runzero.com/advisories/runzero-platform-cleartext-exposure-cve-2026-5380"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XM2R-2G3F-XG38
Vulnerability from github – Published: 2022-06-14 00:00 – Updated: 2024-09-17 00:31In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
{
"affected": [],
"aliases": [
"CVE-2022-30309"
],
"database_specific": {
"cwe_ids": [
"CWE-78",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-13T14:15:00Z",
"severity": "CRITICAL"
},
"details": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-off\" POST request doesn\u00e2\u20ac\u2122t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.",
"id": "GHSA-xm2r-2g3f-xg38",
"modified": "2024-09-17T00:31:00Z",
"published": "2022-06-14T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30309"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2022-020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XM7P-H8QQ-9G6J
Vulnerability from github – Published: 2022-06-14 00:00 – Updated: 2024-09-17 00:31In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
{
"affected": [],
"aliases": [
"CVE-2022-30310"
],
"database_specific": {
"cwe_ids": [
"CWE-78",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-13T14:15:00Z",
"severity": "CRITICAL"
},
"details": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-acknerr-request\" POST request doesn\u00e2\u20ac\u2122t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.",
"id": "GHSA-xm7p-h8qq-9g6j",
"modified": "2024-09-17T00:31:00Z",
"published": "2022-06-14T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30310"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2022-020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XM85-53QC-RPXJ
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.
{
"affected": [],
"aliases": [
"CVE-2020-26200"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-26T14:15:00Z",
"severity": "MODERATE"
},
"details": "A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.",
"id": "GHSA-xm85-53qc-rpxj",
"modified": "2022-05-24T17:43:08Z",
"published": "2022-05-24T17:43:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26200"
},
{
"type": "WEB",
"url": "https://github.com/CVEProject/cvelist/blob/master/2020/26xxx/CVE-2020-26200.json"
},
{
"type": "WEB",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XM97-JWXX-3WFH
Vulnerability from github – Published: 2025-11-04 03:30 – Updated: 2025-12-17 21:30A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app with root privileges may be able to access private information.
{
"affected": [],
"aliases": [
"CVE-2025-43336"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-04T02:15:40Z",
"severity": "MODERATE"
},
"details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app with root privileges may be able to access private information.",
"id": "GHSA-xm97-jwxx-3wfh",
"modified": "2025-12-17T21:30:32Z",
"published": "2025-11-04T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43336"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125634"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125635"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125636"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.