CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,365 vulnerabilities with CWE-862
CVE-2024-39823 MEDIUM
Zoom Meeting SDK < 6.1.0 - Missing Authorization
CVSS 4.9
CVE-2024-38699 HIGH
WP Swings Wallet System <2.5.13 - Info Disclosure
CVSS 7.5
CVE-2024-37935 HIGH
Woocommerce OpenPos <6.4.4 - Info Disclosure
CVSS 7.5
CVE-2024-42373 MEDIUM
SAP Student Life Cycle Management - Missing Authorization
CVSS 4.3
CVE-2024-41734 MEDIUM
SAP NetWeaver Application Server ABAP - Authenticated Information Disclosure via Missing Authorization
CVSS 4.3
CVE-2024-39591 MEDIUM
SAP Document Builder - Missing Authorization
CVSS 4.3
CVE-2024-42377 MEDIUM
SAP Shared Service Framework - Authenticated Missing Authorization in Remote-Enabled Function
CVSS 4.3
CVE-2024-42376 MEDIUM
SAP Shared Service Framework - Privilege Escalation
CVSS 6.5
CVE-2024-41730 CRITICAL
SAP BusinessObjects Business Intelligence Platform - Unauthenticated Missing Authorization via REST Endpoint
CVSS 9.8
CVE-2024-33005 MEDIUM
SAP NetWeaver ABAP and Java, Content Server - Missing Authorization
CVSS 6.3
CVE-2024-37930 MEDIUM
ThemeSphere SmartMag < 10.1.0 - Sensitive Data Exposure via Log File Insertion
CVSS 5.3
CVE-2024-7648 MEDIUM
Opal Membership <1.2.4 - Info Disclosure
CVSS 4.3
CVE-2024-7621 MEDIUM
Atarim WordPress Plugin <4.0.2 - Info Disclosure
CVSS 5.4
CVE-2024-6760 HIGH
FreeBSD < 13.0 - Unauthenticated Missing Authorization via Kernel Tracing
CVSS 7.5
CVE-2024-42470 MEDIUM
openHAB CometVisu < 4.2.1 - Unauthenticated Sensitive Data Exposure and Modification
CVSS 6.5
CVE-2024-42035 HIGH
Huawei EMUI - Missing Authorization in App Multiplier Module
CVSS 8.4
CVE-2024-6824 MEDIUM
Premium Addons for Elementor <4.10.38 - Privilege Escalation
CVSS 4.3
CVE-2024-6987 MEDIUM
Orchid Store <= 1.5.6 - Authenticated Arbitrary Plugin Activation via orchid_store_activate_plugin
CVSS 4.3
CVE-2024-6869 MEDIUM
Falang multilanguage for WordPress <= 1.3.52 - Authenticated Unauthorized Data Modification
CVSS 5.4
CVE-2024-43045 MEDIUM
Jenkins <2.470-<2.452.3 - Info Disclosure
CVSS 6.3
CVE-2024-6872 MEDIUM
TemplateSpare <2.4.2 - Info Disclosure
CVSS 4.3
CVE-2024-6709 MEDIUM
Sync Post With Other Site <= 1.6 - Authenticated Unauthorized Post Modification via sps_add_update_post
CVSS 4.3
CVE-2024-7031 HIGH
File Manager Pro - Filester <= 1.8.2 - Authenticated Arbitrary Setting Modification via njt_fs_saveSettingRestrictions
CVSS 7.5
CVE-2024-5331 MEDIUM
Breakdance <1.7.2 - Info Disclosure
CVSS 4.3
CVE-2024-6698 HIGH
FundEngine <1.7.0 - Privilege Escalation
CVSS 8.8