CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-20772 MEDIUM
Android - Missing Authorization Leading to Local Privilege Escalation
CVSS 6.7
CVE-2023-36815 HIGH
Sealos < 4.2.0 - Missing Authorization in Billing System
CVSS 7.3
CVE-2023-30586 HIGH
Node.js 20.0.0-20.3.0 - Privilege Escalation via OpenSSL Engine Loading
CVSS 7.5
CVE-2023-36144 HIGH
Intelbras Switch SG 2404 MR - Auth Bypass
CVSS 7.5
CVE-2023-36607 MEDIUM
Ovarro TBox Firmware < 1.50.598 - Missing Authorization for API Commands
CVSS 5.3
CVE-2023-21185 HIGH
Android - Missing Authorization in WifiNetworkFactory.java
CVSS 7.8
CVE-2023-21177 MEDIUM
Android 13 - Missing Authorization in WindowManagerService
CVSS 5.5
CVE-2023-21173 MEDIUM
Android 13 - Unauthenticated Local Information Disclosure via DataUsageList.java
CVSS 5.5
CVE-2023-21149 HIGH
Android - Missing Authorization in ShannonRcsService
CVSS 7.8
CVE-2023-1844 MEDIUM
Subscribe2 <10.40 - Info Disclosure
CVSS 4.3
CVE-2023-36002 MEDIUM
Insider Threat Management Server <7.14.3 - SSRF
CVSS 4.3
CVE-2023-36000 MEDIUM
Insider Threat Management Server <7.14.3 - Info Disclosure
CVSS 6.5
CVE-2023-35998 MEDIUM
Insider Threat Management Server <7.14.3 - Auth Bypass
CVSS 4.6
CVE-2023-22834 LOW
Contour < 9.642.0 - Missing Authorization for Analysis Creation
CVSS 2.7
CVE-2023-35164 MEDIUM
DataEase < 1.18.8 - Unauthenticated Dashboard Manipulation
CVSS 6.3
CVE-2023-34463 HIGH
DataEase < 1.18.8 - Unauthenticated Application Deletion
CVSS 8.1
CVE-2023-36348 HIGH
POS Codekop v2.0 - Authenticated RCE
CVSS 8.8
CVE-2023-23344 LOW
BigFix WebUI Insights 14 - Authenticated Missing Authorization
CVSS 3.0
CVE-2023-35093 MEDIUM
StylemixThemes MasterStudy LMS WordPress Plugin <= 3.0.8 - Broken Access Control
CVSS 6.5
CVE-2023-3315 MEDIUM
Jenkins Team Concert Plugin <2.4.1 - Info Disclosure
CVSS 4.3
CVE-2023-2791 MEDIUM
Mattermost 7.7.0-7.7.2 - Authenticated Arbitrary Channel Post Edit via /dialog API
CVSS 4.3
CVE-2023-2788 MEDIUM
Mattermost 7.1.0-7.1.8 - Authenticated Missing Authorization via OAuth2 Flow
CVSS 6.2
CVE-2023-2787 MEDIUM
Mattermost 7.1.0-7.1.8 - Missing Authorization in Message Threads API
CVSS 6.5
CVE-2023-2786 MEDIUM
Mattermost 7.1.0-7.1.8 - Unauthenticated Missing Authorization via Channel Commands
CVSS 4.3
CVE-2023-2784 MEDIUM
Mattermost 7.8.0-7.8.3 - Missing Authorization for App Install Requests
CVSS 4.2