CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,403 vulnerabilities with CWE-862
CVE-2022-34201 MEDIUM
Jenkins Convertigo Mobile Platform Plugin <1.1 - Info Disclosure
CVSS 6.5
CVE-2022-23055
ERPNext 11.0.0-beta-13.0.2 - Missing Authorization in Chat Rooms
CVE-2022-31095 MEDIUM
Discourse-chat <0.4 - Info Disclosure
CVSS 4.3
CVE-2022-33913 HIGH
Mahara <21.04.6-22.04.2 - Info Disclosure
CVSS 7.5
CVE-2022-20736 MEDIUM
Cisco AppDynamics Controller Software - Info Disclosure
CVSS 5.3
CVE-2022-20206 MEDIUM
Android - Missing Authorization in NotificationManagerService
CVSS 5.5
CVE-2022-20204 HIGH
Android 12L - Missing Authorization in DevicePolicyManagerService
CVSS 7.8
CVE-2022-20200 MEDIUM
Android - Local Information Disclosure via SoftApManager Missing Permission Check
CVSS 5.5
CVE-2022-20182 MEDIUM
Android - Local Information Disclosure via Ramdump Creation
CVSS 4.4
CVE-2022-20172 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in ShannonRcsService
CVSS 5.5
CVE-2022-20138 HIGH
Android - Missing Authorization in DevicePolicyManagerService
CVSS 7.8
CVE-2022-20137 HIGH
Android 12-12L - Missing Authorization in NetworkProviderSettings
CVSS 7.3
CVE-2022-20133 HIGH
Android - Missing Authorization in AdapterService.setDiscoverableTimeout
CVSS 7.8
CVE-2022-20126 HIGH
Android - Missing Authorization in AdapterService Bluetooth Discovery Mode
CVSS 7.3
CVE-2022-31595 HIGH
SAP Financial Consolidation 1010 - Privilege Escalation
CVSS 8.8
CVE-2022-32560 HIGH
Couchbase Server 4.0.0-7.0.3 - Missing Authorization in XDCR Settings
CVSS 7.5
CVE-2022-31752 MEDIUM
Huawei EMUI and Magic UI - Missing Authorization
CVSS 5.5
CVE-2022-1777 HIGH
Filr WordPress Plugin < 1.2.2.1 - Authenticated Arbitrary File Upload and Deletion via AJAX Actions
CVSS 8.8
CVE-2022-0885 CRITICAL
Member Hero WordPress Plugin < 1.0.9 - Unauthenticated Arbitrary PHP Function Execution via AJAX Action
CVSS 9.8
CVE-2022-0745 MEDIUM
Like Button Rating WP <2.6.45 - Info Disclosure
CVSS 6.5
CVE-2022-24896 MEDIUM
Tuleap < 13.7.99.239 - Missing Authorization in Tracker Report Renderer and Chart Widgets
CVSS 4.3
CVE-2022-1570 MEDIUM
Files Download Delay < 1.0.7 - Authenticated Missing Authorization for Settings Reset
CVSS 6.5
CVE-2022-30746 HIGH
Smart Things <1.7.85.12 - Info Disclosure
CVSS 7.5
CVE-2022-30731 MEDIUM
My Files <13.1.00.193 - Info Disclosure
CVSS 5.1
CVE-2022-21749 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in Telephony
CVSS 5.5
Details
Vulnerabilities 8,403
Exploit Likelihood High