CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,403 vulnerabilities with CWE-862
CVE-2022-20295 MEDIUM
Android 13 - Local Information Disclosure via Account Existence Check
CVSS 5.5
CVE-2022-20294 MEDIUM
Android 13 - Local Information Disclosure via Missing Permission Check
CVSS 5.5
CVE-2022-20284 MEDIUM
Android 13 - Missing Authorization in Telephony
CVSS 5.5
CVE-2022-20282 HIGH
Android 13 - Unauthenticated Activity Launch via AppWidget Missing Permission Check
CVSS 7.8
CVE-2022-20281 HIGH
Android 13 - Missing Authorization Check in Core Activity Start
CVSS 7.8
CVE-2022-20274 HIGH
Android 13 - Missing Authorization in Keyguard
CVSS 7.8
CVE-2022-20267 LOW
Android 13 - Missing Authorization in Bluetooth Connection Control
CVSS 3.3
CVE-2022-20263 MEDIUM
Android 13 - Missing Authorization in ActivityManager
CVSS 5.5
CVE-2022-20262 LOW
Android 13 - Missing Authorization in ActivityManager
CVSS 3.3
CVE-2022-20261 LOW
Android 13 - Missing Authorization in LocationManager
CVSS 2.3
CVE-2022-20259 MEDIUM
Android 13 - Unauthenticated ICCID and EID Information Disclosure in Telephony
CVSS 5.5
CVE-2022-20255 MEDIUM
Android 13 - Missing Authorization in SettingsProvider
CVSS 4.4
CVE-2022-35293 CRITICAL
SAP Enable Now Manager - Unauthenticated Account Access via Insecure Session Management
CVSS 9.1
CVE-2022-20360 HIGH
Android - Local Privilege Escalation via SecureNfcPreferenceController
CVSS 7.8
CVE-2022-20358 LOW
Android - Local Information Disclosure via Missing Permission Check in AbstractThreadedSyncAdapter
CVSS 3.3
CVE-2022-20352 MEDIUM
Android - Local Information Disclosure via Location Request Listener
CVSS 5.5
CVE-2022-20349 HIGH
Android - Local Privilege Escalation via Wifi/Bluetooth Scanning Preference Controller
CVSS 7.8
CVE-2022-20348 HIGH
Android - Local Privilege Escalation via Missing Permission Check in LocationServicesWifiScanningPreferenceController
CVSS 7.8
CVE-2022-2732 HIGH
openemr < 7.0.0.1 - Missing Authorization
CVSS 8.3
CVE-2022-1323 MEDIUM
Discy < 5.0 - Authenticated Missing Authorization via discy_update_options AJAX Action
CVSS 6.5
CVE-2022-36836 MEDIUM
Samsung Charm Firmware < 1.2.3 - Unprotected Provider Information Disclosure
CVSS 6.2
CVE-2022-2459 LOW
GitLab < 15.0.5, 15.1 < 15.1.4, 15.2 < 15.2.1 - Missing Authorization for Email Invited Members
CVSS 2.7
CVE-2022-31128 MEDIUM
Tuleap <13.10.99.82 - Privilege Escalation
CVSS 5.4
CVE-2022-26429 HIGH
Android - Local Privilege Escalation via Missing Permission Check in CTA
CVSS 7.8
CVE-2022-2370 MEDIUM
YaySMTP < 2.2.1 - Authenticated Mailer Credentials Exposure via Settings Page
CVSS 6.5
Details
Vulnerabilities 8,403
Exploit Likelihood High