Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5537 vulnerabilities reference this CWE, most recent first.

GHSA-FQW4-MPH7-2VR8

Vulnerability from github – Published: 2026-03-27 22:29 – Updated: 2026-03-27 22:29
VLAI
Summary
OpenClaw: Silent privilege escalation via gateway shared-auth reconnect
Details

Summary

Gateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE

Affected Packages / Versions

  • Package: openclaw
  • Affected versions: <= 2026.3.24
  • First patched version: 2026.3.25
  • Latest published npm version at verification time: 2026.3.24

Details

Silent local shared-auth reconnects could previously auto-approve scope-upgrade requests and widen a paired device from operator.read to operator.admin. Commit 81ebc7e0344fd19c85778e883bad45e2da972229 blocks silent reconnect scope upgrades so widened scopes require an explicit pairing approval instead of an implicit local reconnect path.

Verified vulnerable on tag v2026.3.24 and fixed on main by commit 81ebc7e0344fd19c85778e883bad45e2da972229.

Fix Commit(s)

  • 81ebc7e0344fd19c85778e883bad45e2da972229
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2026.3.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-27T22:29:47Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "## Summary\n\nGateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `\u003c= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nSilent local shared-auth reconnects could previously auto-approve `scope-upgrade` requests and widen a paired device from `operator.read` to `operator.admin`. Commit `81ebc7e0344fd19c85778e883bad45e2da972229` blocks silent reconnect scope upgrades so widened scopes require an explicit pairing approval instead of an implicit local reconnect path.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `81ebc7e0344fd19c85778e883bad45e2da972229`.\n\n## Fix Commit(s)\n\n- `81ebc7e0344fd19c85778e883bad45e2da972229`",
  "id": "GHSA-fqw4-mph7-2vr8",
  "modified": "2026-03-27T22:29:47Z",
  "published": "2026-03-27T22:29:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Silent privilege escalation via gateway shared-auth reconnect"
}

GHSA-FR22-5377-F3P7

Vulnerability from github – Published: 2025-04-24 09:30 – Updated: 2025-04-24 16:09
VLAI
Summary
Mattermost Playbooks fails to properly validate permissions
Details

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without channel access or appropriate permissions.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 2.1.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-plugin-playbooks"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-plugin-playbooks"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.41.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.0-20250218121836-2b5275d87136"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 10.4.3"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 10.5.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 9.11.11"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-41423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-24T16:09:31Z",
    "nvd_published_at": "2025-04-24T07:15:31Z",
    "severity": "LOW"
  },
  "details": "Mattermost versions 10.4.x \u003c= 10.4.2, 10.5.x \u003c= 10.5.0, 9.11.x \u003c= 9.11.10\u00a0fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without channel access or appropriate permissions.",
  "id": "GHSA-fr22-5377-f3p7",
  "modified": "2025-04-24T16:09:31Z",
  "published": "2025-04-24T09:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41423"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost-plugin-playbooks/commit/f9f7064e4d9f3918d66bac1f5f9eb28f0723464b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/2b5275d87136f07e016c8eca09a2f004b31afc8a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mattermost/mattermost-plugin-playbooks"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Mattermost Playbooks\u00a0fails to properly validate permissions"
}

GHSA-FR28-G84Q-2JVR

Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-07-13 00:01
VLAI
Details

The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-29T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.)",
  "id": "GHSA-fr28-g84q-2jvr",
  "modified": "2022-07-13T00:01:41Z",
  "published": "2022-05-24T19:16:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41795"
    },
    {
      "type": "WEB",
      "url": "https://support.1password.com/kb/202109"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FR2R-2PC4-H4F4

Vulnerability from github – Published: 2024-12-04 18:32 – Updated: 2024-12-04 21:30
VLAI
Details

Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-04T18:15:13Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.",
  "id": "GHSA-fr2r-2pc4-h4f4",
  "modified": "2024-12-04T21:30:52Z",
  "published": "2024-12-04T18:32:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12196"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/DEVO-2024-0017"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FR4C-CH83-R968

Vulnerability from github – Published: 2024-10-03 00:30 – Updated: 2025-10-22 00:33
VLAI
Details

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-78",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-02T22:15:02Z",
    "severity": "CRITICAL"
  },
  "details": "The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.",
  "id": "GHSA-fr4c-ch83-r968",
  "modified": "2025-10-22T00:33:07Z",
  "published": "2024-10-03T00:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45519"
    },
    {
      "type": "WEB",
      "url": "https://blog.projectdiscovery.io/zimbra-remote-code-execution"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Security_Center"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45519"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FR55-95RR-VM5X

Vulnerability from github – Published: 2026-05-11 18:31 – Updated: 2026-05-11 18:31
VLAI
Details

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/deny lists, owner-only restrictions, sandbox policies, and subagent policies.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44998"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-11T18:16:39Z",
    "severity": "LOW"
  },
  "details": "OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/deny lists, owner-only restrictions, sandbox policies, and subagent policies.",
  "id": "GHSA-fr55-95rr-vm5x",
  "modified": "2026-05-11T18:31:47Z",
  "published": "2026-05-11T18:31:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44998"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/0e7a992d3f3155199c1acc2dd9a53c5b3a4d3ada"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-tool-policy-bypass-via-bundled-mcp-lsp-tools"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FR5V-RGRP-GHW9

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-07-15 00:00
VLAI
Details

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-10T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue.",
  "id": "GHSA-fr5v-rgrp-ghw9",
  "modified": "2022-07-15T00:00:16Z",
  "published": "2022-05-24T19:20:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3062"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3062"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FR85-FM4X-7G26

Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2022-05-24 17:17
VLAI
Details

Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12874"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-14T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.",
  "id": "GHSA-fr85-fm4x-7g26",
  "modified": "2022-05-24T17:17:54Z",
  "published": "2022-05-24T17:17:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12874"
    },
    {
      "type": "WEB",
      "url": "https://www.veritas.com/content/support/en_US/security/VTS20-003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FRF8-GHGX-64V9

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unpriviledged users can access services when guessing the url. An attacker could impact availability, integrity and gain information from logs and templates of the service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-25240"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-15T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.0). Unpriviledged users can access services when guessing the url. An attacker could impact availability, integrity and gain information from logs and templates of the service.",
  "id": "GHSA-frf8-ghgx-64v9",
  "modified": "2022-05-24T17:44:32Z",
  "published": "2022-05-24T17:44:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25240"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731317.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FRQM-X2FH-HCWR

Vulnerability from github – Published: 2022-08-26 00:03 – Updated: 2022-09-03 00:00
VLAI
Details

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-25T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment.",
  "id": "GHSA-frqm-x2fh-hcwr",
  "modified": "2022-09-03T00:00:18Z",
  "published": "2022-08-26T00:03:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36115"
    },
    {
      "type": "WEB",
      "url": "https://blueprism.com"
    },
    {
      "type": "WEB",
      "url": "https://community.blueprism.com/discussion/security-vulnerability-notification-ssc-blue-prism-enterprise"
    },
    {
      "type": "WEB",
      "url": "https://portal.blueprism.com/security-vulnerabilities-august-2022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.