CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,403 vulnerabilities with CWE-862
CVE-2022-31597 MEDIUM
SAP S/4HANA S4CORE 101-106 and SAPSCORE 127 - Authenticated Missing Authorization in Business Partner Extension
CVSS 5.4
CVE-2022-31592 MEDIUM
SAP Enterprise Extension Defense Forces & Public Security - Privile...
CVSS 4.3
CVE-2022-1245 CRITICAL
Keycloak < 18.0.0 - Missing Authorization in Token Exchange
CVSS 9.8
CVE-2022-21777 HIGH
Android - Local Privilege Escalation via Autoboot Permission Bypass
CVSS 7.8
CVE-2022-21764 MEDIUM
Android - Unauthenticated Local Information Disclosure in Telecom Service
CVSS 5.5
CVE-2022-21763 MEDIUM
Android - Unauthenticated Information Disclosure via Telecom Service
CVSS 5.5
CVE-2022-34818 MEDIUM
Jenkins Failed Job Deactivator Plugin <= 1.2.1 - Missing Authorization in Views and HTTP Endpoints
CVSS 4.3
CVE-2022-34813 MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Missing Authorization for XPath Expression Management
CVSS 4.3
CVE-2022-34811 MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Missing Authorization
CVSS 4.3
CVE-2022-34810 MEDIUM
Jenkins RQM Plugin < 2.8 - Credential ID Enumeration via Overall/Read Permission
CVSS 6.5
CVE-2022-34798 MEDIUM
Jenkins Deployment Dashboard < 1.0.10 - Missing Authorization in HTTP Endpoints
CVSS 4.3
CVE-2022-34796 MEDIUM
Jenkins Deployment Dashboard < 1.0.10 - Credential ID Enumeration via Missing Authorization
CVSS 4.3
CVE-2022-34794 MEDIUM
Jenkins Recipe Plugin < 1.2 - Server-Side Request Forgery via XML Response Parsing
CVSS 6.5
CVE-2022-34781 MEDIUM
Jenkins XebiaLabs XL Release Plugin < 22.0.0 - Missing Authorization
CVSS 6.5
CVE-2022-34779 MEDIUM
Jenkins XebiaLabs XL Release Plugin < 22.0.1 - Missing Authorization for Credential ID Enumeration
CVSS 4.3
CVE-2022-1903 HIGH
ARMember < 3.4.8 - Unauthenticated Account Takeover via Missing AJAX Action Authorization
CVSS 8.1
CVE-2022-1574 CRITICAL
HTML2WP WordPress Plugin < 1.0.0 - Unauthenticated Arbitrary File Upload via Import Function
CVSS 9.8
CVE-2022-1572 HIGH
HTML2WP < 1.0.0 - Authenticated Arbitrary File Deletion via Unprotected AJAX Action
CVSS 8.1
CVE-2022-0444 MEDIUM
XCloner < 4.3.6 - Unauthenticated Settings Reset and Backup Encryption Key Generation
CVSS 4.3
CVE-2022-1521 CRITICAL
Illumina Local Run Manager 1.3-3.1 - Unauthenticated Improper Access Control
CVSS 9.1
CVE-2022-34212 MEDIUM
Jenkins vRealize Orchestrator Plugin <3.0 - Privilege Escalation
CVSS 5.7
CVE-2022-34210 MEDIUM
Jenkins ThreadFix Plugin <1.5.4 - SSRF
CVSS 6.5
CVE-2022-34208 MEDIUM
Jenkins Beaker builder Plugin <1.10 - SSRF
CVSS 4.3
CVE-2022-34206 MEDIUM
Jenkins Jianliao Notification Plugin <1.1 - Privilege Escalation
CVSS 4.3
CVE-2022-34204 MEDIUM
Jenkins EasyQA Plugin <1.0 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities 8,403
Exploit Likelihood High