The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,403 vulnerabilities with CWE-862
CVE-2022-31597
MEDIUM
SAP S/4HANA S4CORE 101-106 and SAPSCORE 127 - Authenticated Missing Authorization in Business Partner Extension
CVSS 5.4
CVE-2022-31592
MEDIUM
SAP Enterprise Extension Defense Forces & Public Security - Privile...
CVSS 4.3
CVE-2022-1245
CRITICAL
Keycloak < 18.0.0 - Missing Authorization in Token Exchange
CVSS 9.8
CVE-2022-21777
HIGH
Android - Local Privilege Escalation via Autoboot Permission Bypass
CVSS 7.8
CVE-2022-21764
MEDIUM
Android - Unauthenticated Local Information Disclosure in Telecom Service
CVSS 5.5
CVE-2022-21763
MEDIUM
Android - Unauthenticated Information Disclosure via Telecom Service
CVSS 5.5
CVE-2022-34818
MEDIUM
Jenkins Failed Job Deactivator Plugin <= 1.2.1 - Missing Authorization in Views and HTTP Endpoints
CVSS 4.3
CVE-2022-34813
MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Missing Authorization for XPath Expression Management
CVSS 4.3
CVE-2022-34811
MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Missing Authorization
CVSS 4.3
CVE-2022-34810
MEDIUM
Jenkins RQM Plugin < 2.8 - Credential ID Enumeration via Overall/Read Permission
CVSS 6.5
CVE-2022-34798
MEDIUM
Jenkins Deployment Dashboard < 1.0.10 - Missing Authorization in HTTP Endpoints
CVSS 4.3
CVE-2022-34796
MEDIUM
Jenkins Deployment Dashboard < 1.0.10 - Credential ID Enumeration via Missing Authorization
CVSS 4.3
CVE-2022-34794
MEDIUM
Jenkins Recipe Plugin < 1.2 - Server-Side Request Forgery via XML Response Parsing
CVSS 6.5
CVE-2022-34781
MEDIUM
Jenkins XebiaLabs XL Release Plugin < 22.0.0 - Missing Authorization
CVSS 6.5
CVE-2022-34779
MEDIUM
Jenkins XebiaLabs XL Release Plugin < 22.0.1 - Missing Authorization for Credential ID Enumeration
CVSS 4.3
CVE-2022-1903
HIGH
ARMember < 3.4.8 - Unauthenticated Account Takeover via Missing AJAX Action Authorization
CVSS 8.1
CVE-2022-1574
CRITICAL
HTML2WP WordPress Plugin < 1.0.0 - Unauthenticated Arbitrary File Upload via Import Function
CVSS 9.8
CVE-2022-1572
HIGH
HTML2WP < 1.0.0 - Authenticated Arbitrary File Deletion via Unprotected AJAX Action
CVSS 8.1
CVE-2022-0444
MEDIUM
XCloner < 4.3.6 - Unauthenticated Settings Reset and Backup Encryption Key Generation
CVSS 4.3
CVE-2022-1521
CRITICAL
Illumina Local Run Manager 1.3-3.1 - Unauthenticated Improper Access Control
CVSS 9.1
CVE-2022-34212
MEDIUM
Jenkins vRealize Orchestrator Plugin <3.0 - Privilege Escalation
CVSS 5.7
CVE-2022-34210
MEDIUM
Jenkins ThreadFix Plugin <1.5.4 - SSRF
CVSS 6.5
CVE-2022-34208
MEDIUM
Jenkins Beaker builder Plugin <1.10 - SSRF
CVSS 4.3
CVE-2022-34206
MEDIUM
Jenkins Jianliao Notification Plugin <1.1 - Privilege Escalation
CVSS 4.3
CVE-2022-34204
MEDIUM
Jenkins EasyQA Plugin <1.0 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities
8,403
Exploit Likelihood
High