CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,407 vulnerabilities with CWE-862
CVE-2021-28052 HIGH
Hitachi Content Platform <8.3.7, <9.0.0-9.2.3 - Privilege Escalation
CVSS 7.5
CVE-2021-24890 HIGH
Scripts Organizer < 3.0 - Unauthenticated Arbitrary PHP File Write via saveScript AJAX Action
CVSS 8.8
CVE-2021-41803 HIGH
HashiCorp Consul 1.8.1-1.11.8, 1.12.4, 1.13.1 - Missing Authorization via JWT Claim Assertion
CVSS 7.1
CVE-2021-39190 MEDIUM
GLPI SCCM Plugin < 2.3.0 - Unauthenticated Information Disclosure via Configuration Page
CVSS 5.3
CVE-2021-0735 MEDIUM
Android 13 - Unauthenticated Local Information Disclosure via PackageManager
CVSS 5.5
CVE-2021-33057 HIGH
QQ App 8.7.1 - Info Disclosure
CVSS 7.5
CVE-2021-32504 MEDIUM
SICK FTMG Firmware < 2.8 - Unauthenticated Sensitive Information Exposure via Web URL Access
CVSS 5.3
CVE-2021-26637 HIGH
SiHAS SGW-300, ACM-300, GCM-300 Firmware - Unauthenticated Remote Device Control
CVSS 8.8
CVE-2021-46820 HIGH
XOS-Shop <1.0.9 - Privilege Escalation
CVSS 8.1
CVE-2021-37764 HIGH
xos_shop_system 1.0.9 - Arbitrary File Deletion via current_manufacturer_image Parameter
CVSS 8.1
CVE-2021-25116 MEDIUM
Enqueue Anything WordPress Plugin < 1.0.1 - Unauthenticated Arbitrary Asset Deletion
CVSS 6.5
CVE-2021-42851 MEDIUM
Lenovo Personal Cloud Storage A1/T1/X1/T2/T2Pro Firmware < 5.3.8 - Unauthenticated Account Creation
CVSS 6.3
CVE-2021-42848 MEDIUM
Lenovo Personal Cloud Storage A1/T1/X1/T2/T2Pro Firmware < 5.3.8 - Unauthenticated Information Disclosure
CVSS 4.3
CVE-2021-33013 HIGH
mySCADA myPRO <8.20.0 - Info Disclosure
CVSS 8.2
CVE-2021-39738 HIGH
Android - Missing Authorization in CarSettings Bluetooth Pairing
CVSS 7.8
CVE-2021-44055 MEDIUM
QNAP Video Station < 5.1.8 - Missing Authorization
CVSS 5.3
CVE-2021-25002 HIGH
Tipsacarrier WordPress <1.5.0.5 - Info Disclosure
CVSS 7.5
CVE-2021-43938 HIGH
Elcomplus SmartPTT SCADA Server - Info Disclosure
CVSS 8.1
CVE-2021-44595 HIGH
Wondershare Dr.Fone - Unauthenticated Privilege Escalation via ElevationService.exe
CVSS 8.8
CVE-2021-39808 HIGH
Android - Local Privilege Escalation via Notification Channel Group Input Validation
CVSS 7.8
CVE-2021-32503 MEDIUM
SICK FTMG Firmware < 2.8 - Unauthenticated Sensitive Information Exposure via Web URL Access
CVSS 4.9
CVE-2021-39768 HIGH
Android 12L - Missing Authorization for Auto-Connect WiFi Network
CVSS 7.8
CVE-2021-39758 HIGH
Android 12L - Missing Authorization Check in WindowManager
CVSS 7.8
CVE-2021-39753 MEDIUM
Android 12L - Unauthenticated Local Information Disclosure in DomainVerificationService
CVSS 5.5
CVE-2021-39751 MEDIUM
Android 12L - Unauthenticated Local Information Disclosure via Bluetooth Device Name
CVSS 5.5
Details
Vulnerabilities 8,407
Exploit Likelihood High