CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,402 vulnerabilities with CWE-862
CVE-2023-23848 MEDIUM
Synopsys Jenkins Coverity Plugin <3.0.2 - Privilege Escalation
CVSS 4.3
CVE-2023-25768 MEDIUM
Jenkins Azure Credentials Plugin < 254.v64da_8176c83a - Missing Authorization
CVSS 6.5
CVE-2023-25766 MEDIUM
Jenkins Azure Credentials Plugin < 254.v64da_8176c83a - Missing Authorization for Credential ID Enumeration
CVSS 4.3
CVE-2023-24528 MEDIUM
SAP Fiori apps for Travel Management <600 - Info Disclosure
CVSS 6.5
CVE-2023-24524 MEDIUM
SAP S/4 HANA - Privilege Escalation
CVSS 6.5
CVE-2023-23854 LOW
SAP NetWeaver Application Server for ABAP and ABAP Platform - Privi...
CVSS 3.8
CVE-2023-0019 MEDIUM
SAP GRC - Confidential Data Exposure
CVSS 6.5
CVE-2023-21450 LOW
Samsung One Hand Operation + < 6.1.21 - Unauthenticated Widget Access via Gesture Setting
CVSS 2.3
CVE-2023-0720 MEDIUM
Wicked Folders < 2.18.16 - Authenticated Authorization Bypass via ajax_save_folder_order
CVSS 5.4
CVE-2023-0717 MEDIUM
Wicked Folders <2.18.16 - Auth Bypass
CVSS 5.4
CVE-2023-0716 MEDIUM
Wicked Folders <2.18.16 - Auth Bypass
CVSS 5.4
CVE-2023-0715 MEDIUM
Wicked Folders <2.18.16 - Auth Bypass
CVSS 5.4
CVE-2023-0711 MEDIUM
Wicked Folders <2.18.16 - Auth Bypass
CVSS 5.4
CVE-2023-0684 MEDIUM
Wicked Folders <2.18.16 - Auth Bypass
CVSS 5.4
CVE-2023-0718 MEDIUM
Wicked Folders <2.18.16 - Auth Bypass
CVSS 5.4
CVE-2023-0719 MEDIUM
Wicked Folders <2.18.16 - Auth Bypass
CVSS 5.4
CVE-2023-0712 MEDIUM
Wicked Folders <2.18.16 - Auth Bypass
CVSS 5.4
CVE-2023-0713 MEDIUM
Wicked Folders < 2.18.16 - Authenticated Authorization Bypass via ajax_add_folder Function
CVSS 5.4
CVE-2023-0678 MEDIUM
phpipam < 1.5.1 - Missing Authorization
CVSS 5.3
CVE-2023-25014 HIGH
femanager < 5.5.3, 6.x < 6.3.4, 7.x < 7.1.0 - Unauthenticated Frontend User Deletion via InvitationController
CVSS 8.6
CVE-2023-0619 MEDIUM
Kraken.io Image Optimizer <2.6.8 - Auth Bypass
CVSS 6.5
CVE-2023-22737 MEDIUM
wire-server < 2022-12-09 - Unauthenticated Bot Removal via Missing Permissions Check
CVSS 6.5
CVE-2023-0556 CRITICAL
ContentStudio < 1.2.5 - Unauthenticated Authorization Bypass via Missing Capability Check
CVSS 9.8
CVE-2023-0555 HIGH
Quick Restaurant Menu <2.0.2 - Auth Bypass
CVSS 8.1
CVE-2023-24459 MEDIUM
Jenkins BearyChat Plugin <3.0.2 - CSRF
CVSS 6.5