CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,403 vulnerabilities with CWE-862
CVE-2022-21748 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in Telephony
CVSS 5.5
CVE-2022-1203 MEDIUM
Content Mask < 1.8.4.1 - Authenticated Arbitrary Option Update via Missing Authorization
CVSS 4.3
CVE-2022-28993 CRITICAL
Multi Store Inventory Management System v1.0 - Info Disclosure
CVSS 9.8
CVE-2022-1423 HIGH
GitLab 1.0.2-14.8.5, 14.9.0-14.9.3, 14.10.0 - RCE via CI/CD Cache Poisoning
CVSS 7.1
CVE-2022-30959 MEDIUM
Jenkins SSH Plugin <2.6.1 - Privilege Escalation
CVSS 6.5
CVE-2022-30957 MEDIUM
Jenkins SSH Plugin <2.6.1 - Info Disclosure
CVSS 4.3
CVE-2022-30955 MEDIUM
Jenkins GitLab Plugin <1.5.31 - Info Disclosure
CVSS 6.5
CVE-2022-30954 MEDIUM
Jenkins Blue Ocean Plugin <1.25.3 - CSRF
CVSS 6.5
CVE-2022-30951 HIGH
Jenkins WMI Windows Agents Plugin <1.8 - RCE
CVSS 8.8
CVE-2022-30594 HIGH
Linux Kernel < 5.17.2 - Missing Authorization via PT_SUSPEND_SECCOMP Flag
CVSS 7.8
CVE-2022-29611 HIGH
SAP NetWeaver Application Server ABAP and ABAP Platform - Missing Authorization
CVSS 8.8
CVE-2022-20121 MEDIUM
Android - Unauthenticated ICCID Disclosure via USCCDMPlugin getNodeValue
CVSS 5.5
CVE-2022-20115 MEDIUM
Android 12 and 12L - Local Information Disclosure via TelephonyRegistry Broadcast
CVSS 5.5
CVE-2022-20011 MEDIUM
Android - Local Information Disclosure via NotificationManagerService
CVSS 5.5
CVE-2022-20004 HIGH
Android - Local Privilege Escalation via Slice URI Input Validation
CVSS 7.8
CVE-2022-1442 HIGH
MetForm < 2.1.3 - Unauthenticated Sensitive Information Disclosure in action.php
CVSS 7.5
CVE-2022-29176 CRITICAL
rubygems.org - Unauthenticated Gem Removal and Replacement via Yank Action
CVSS 9.9
CVE-2022-20102 MEDIUM
Android - Missing Authorization in aee Daemon
CVSS 4.4
CVE-2022-28789 MEDIUM
Voice Note <21.3.51.11 - Info Disclosure
CVSS 6.2
CVE-2022-20100 MEDIUM
Android - Missing Authorization in aee Daemon
CVSS 4.4
CVE-2022-20098 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in aee Daemon
CVSS 4.4
CVE-2022-20093 HIGH
Android - Missing Authorization in Telephony Leading to SMS Reception Disruption
CVSS 7.8
CVE-2022-20084 HIGH
Android - Missing Authorization for Emergency Broadcast Disabling
CVSS 7.8
CVE-2022-0952 HIGH
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Option Update via REST Endpoint
CVSS 8.8
CVE-2022-29906 CRITICAL
MediaWiki QuizGame Extension < 1.37.2 - Missing Authorization in Admin API Module
CVSS 9.8
Details
Vulnerabilities 8,403
Exploit Likelihood High