CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,403 vulnerabilities with CWE-862
CVE-2022-1511 MEDIUM
snipe-it < 5.4.4 - Missing Authorization
CVSS 6.5
CVE-2022-1092 MEDIUM
myCred < 2.4.4 - Authenticated Missing Authorization in mycred-tools-import-export AJAX Action
CVSS 4.3
CVE-2022-0634 MEDIUM
ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Missing Authorization in ta_insert_external_image Action
CVSS 4.3
CVE-2022-0398 MEDIUM
ThirstyAffiliates Affiliate Link Manager <3.10.5 - CSRF
CVSS 5.4
CVE-2022-0363 MEDIUM
myCred WordPress plugin <2.4.3.1 - CSRF
CVSS 4.3
CVE-2022-0287 MEDIUM
myCred WordPress <2.4.4.1 - Info Disclosure
CVSS 4.3
CVE-2022-25342 HIGH
Olivetti d-COLOR MF3555 Firmware 2XD_S000.002.271 - Missing Authorization in /mngset/authset
CVSS 8.1
CVE-2022-1384 MEDIUM
Mattermost < 6.5.0 - Authenticated Plugin Version Check Bypass
CVSS 4.7
CVE-2022-1329 HIGH
Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
CVSS 8.8
CVE-2022-1054 MEDIUM
RSVP and Event Management Plugin < 2.7.8 - Unauthenticated Sensitive Data Exposure via Export Function
CVSS 5.3
CVE-2022-1020 CRITICAL
Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call via wpt_admin_update_notice_option AJAX Action
CVSS 9.8
CVE-2022-29051 MEDIUM
Jenkins Publish Over FTP Plugin <1.16 - Privilege Escalation
CVSS 4.3
CVE-2022-27669 HIGH
SAP NetWeaver Application Server for Java 7.50 - Unauthenticated Missing Authorization in XML Data Archiving Service
CVSS 7.5
CVE-2022-27480 HIGH
SICAM A8000 CP-8031 and CP-8050 Firmware < 4.80 - Unauthenticated Arbitrary File Download
CVSS 7.5
CVE-2022-0919 MEDIUM
Salon booking system WordPress plugins < 7.6.3 - Unauthenticated Sensitive Information Exposure
CVSS 5.3
CVE-2022-0837 MEDIUM
Amelia < 1.0.48 - Missing Authorization in SMS Service
CVSS 5.4
CVE-2022-0404 MEDIUM
Material Design for Contact Form 7 <2.6.4 - DoS
CVSS 6.5
CVE-2022-0390 MEDIUM
Gitlab CE/EE <14.5.4-14.7.1 - Info Disclosure
CVSS 4.3
CVE-2022-26546 CRITICAL
Hospital Management System v1.0 - Info Disclosure
CVSS 9.1
CVE-2022-23183 MEDIUM
Advanced Custom Fields < 5.12.1 - Authenticated Missing Authorization
CVSS 6.5
CVE-2022-20002 HIGH
Android <12L - Privilege Escalation
CVSS 7.8
CVE-2022-28158 MEDIUM
Jenkins Pipeline: Phoenix AutoTest Plugin < 1.3 - Missing Authorization for Credential ID Enumeration
CVSS 6.5
CVE-2022-28151 MEDIUM
Jenkins Job and Node Ownership Plugin < 0.13.0 - Missing Authorization
CVSS 4.3
CVE-2022-28147 MEDIUM
Jenkins Continuous Integration with Toad Edge Plugin < 2.3 - Missing Authorization for File Path Existence Check
CVSS 4.3
CVE-2022-28144 MEDIUM
Jenkins Proxmox Plugin < 0.7.0 - Missing Authorization in HTTP Endpoints
CVSS 6.5
Details
Vulnerabilities 8,403
Exploit Likelihood High