CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,408 vulnerabilities with CWE-862
CVE-2021-0978 LOW
Android - Local Information Disclosure via Side Channel in DeviceIdentifiersPolicyService
CVSS 3.3
CVE-2021-0965 HIGH
Android - Missing Authorization for Bluetooth Device Pairing
CVSS 8.8
CVE-2021-0926 HIGH
Android - Missing Authorization in NfcImportVCardActivity
CVSS 7.8
CVE-2021-0923 HIGH
Android 12 - Missing Authorization in Permission.java
CVSS 7.8
CVE-2021-0922 HIGH
Android - Missing Authorization Check in PackageManagerService
CVSS 7.8
CVE-2021-0653 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in NetworkPolicyManagerService
CVSS 5.5
CVE-2021-44233 HIGH
SAP GRC Access Control V1100_700 V1100_731 V1200_750 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2021-42367 MEDIUM
Variation Swatches for WooCommerce <= 2.1.1 - Authenticated Stored Cross-Site Scripting via Settings Parameters
CVSS 6.4
CVE-2021-41066 HIGH
Listary < 6 - Missing Authorization
CVSS 7.5
CVE-2021-24836 MEDIUM
Temporary Login Without Password < 1.7.1 - Authenticated Missing Authorization in Settings Update
CVSS 4.3
CVE-2021-24790 MEDIUM
Contact Form Advanced Database <1.0.8 - CSRF
CVSS 4.3
CVE-2021-20867 MEDIUM
Advanced Custom Fields <5.11 - Info Disclosure
CVSS 6.5
CVE-2021-20866 MEDIUM
Advanced Custom Fields <5.11 - Info Disclosure
CVSS 6.5
CVE-2021-20865 HIGH
Advanced Custom Fields <5.11 - Info Disclosure
CVSS 7.5
CVE-2021-4089 MEDIUM
snipe-it < 5.3.3 and 5.3.4 - Improper Access Control
CVSS 4.3
CVE-2021-25519 MEDIUM
CPLC <SMR Dec-2021 Release 1 - Info Disclosure
CVSS 4.0
CVE-2021-43781 MEDIUM
Invenio-Drafts-Resources <0.13.7, 0.14.6 - Privilege Escalation
CVSS 6.4
CVE-2021-24914 HIGH
Tawk.To Live Chat WordPress Plugin < 0.6.0 - Authenticated Missing Authorization via AJAX Actions
CVSS 8.0
CVE-2021-35413 HIGH
Chamilo LMS 1.11.0-1.11.16 - Authenticated Remote Code Execution via .htaccess File Upload
CVSS 8.8
CVE-2021-24842 MEDIUM
WordPress Plugin <1.12 - Info Disclosure
CVSS 5.4
CVE-2021-36917 MEDIUM
Hide My WP < 6.2.3 - Unauthenticated Plugin Deactivation via Reset Token
CVSS 6.5
CVE-2021-20835 HIGH
Mercari (Merpay) Japan <4.49.1 - CSRF
CVSS 7.5
CVE-2021-39236 HIGH
Apache Ozone < 1.2.0 - Authenticated User Impersonation via OM Request
CVSS 8.8
CVE-2021-39232 HIGH
Apache Ozone < 1.2.0 - Authenticated Missing Authorization for Admin Commands
CVSS 8.8
CVE-2021-39231 CRITICAL
Apache Ozone < 1.2.0 - Missing Authorization for Internal RPC Endpoints
CVSS 9.1
Details
Vulnerabilities 8,408
Exploit Likelihood High