CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,408 vulnerabilities with CWE-862
CVE-2021-36909 HIGH
WP Reset PRO <= 5.98 - Authenticated Database Reset
CVSS 8.8
CVE-2021-0672 MEDIUM
Android Browser - Unauthenticated Information Disclosure via Missing Permission Check
CVSS 5.5
CVE-2021-24851 MEDIUM
WordPress Insert Pages <3.7.0 - Info Disclosure
CVSS 4.3
CVE-2021-42062 MEDIUM
SAP ERP HCM Portugal - Missing Authorization for Payroll Data Report
CVSS 4.3
CVE-2021-40502 HIGH
SAP Commerce - Privilege Escalation
CVSS 8.8
CVE-2021-40501 HIGH
SAP ABAP Platform Kernel - Privilege Escalation
CVSS 8.1
CVE-2021-42359 HIGH
WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion via admin-dismiss-unsubscribe AJAX Action
CVSS 7.5
CVE-2021-21694 CRITICAL
Jenkins < 2.303.3 and < 2.319 - Missing Authorization in FilePath Methods
CVSS 9.8
CVE-2021-21688 HIGH
Jenkins < 2.303.3 and < 2.319 - Missing Authorization in FilePath Reading
CVSS 7.5
CVE-2021-21687 CRITICAL
Jenkins < 2.303.3 and < 2.319 - Missing Authorization for Symbolic Link Creation in FilePath#untar
CVSS 9.1
CVE-2021-21685 CRITICAL
Jenkins < 2.303.3 and < 2.319 - Missing Authorization for Directory Creation via FilePath#mkdirs
CVSS 9.1
CVE-2021-41238 HIGH
Hangfire 1.7.25 - Missing Authorization in Dashboard UI
CVSS 8.6
CVE-2021-39225 HIGH
Nextcloud Deck < 1.2.9, 1.4.5, 1.5.3 - Authenticated Authorization Bypass
CVSS 8.1
CVE-2021-24779 MEDIUM
WP Debugging < 2.11.0 - Unauthenticated Settings Update via Missing Authorization
CVSS 6.5
CVE-2021-0706 MEDIUM
Android 10-11 - Unauthenticated Denial of Service via PluginManagerImpl Missing Permission Check
CVSS 5.5
CVE-2021-0643 MEDIUM
Android - Missing Authorization in SubscriptionController
CVSS 5.5
CVE-2021-31384 HIGH
Juniper Junos OS SRX Series 20.4R1-20.4R3, 21.1-21.1R1 - Unauthenticated J-Web Access Bypass
CVSS 7.2
CVE-2021-30810 MEDIUM
iPadOS < 15.0 - Missing Authorization via Wi-Fi Network Selection
CVSS 4.3
CVE-2021-38486 HIGH
InHand Networks IR615 Router's Versions 2.3.0.r4724-2.3.0.r4870 - RCE
CVSS 8.0
CVE-2021-24677 MEDIUM
WordPress Plugin <3.4.0 - Info Disclosure
CVSS 5.3
CVE-2021-37738 HIGH
Aruba ClearPass Policy Manager 6.8.0-6.8.9 - Unauthenticated Sensitive Information Disclosure
CVSS 7.5
CVE-2021-38431 MEDIUM
Advantech WebAccess SCADA <9.0.3 - Info Disclosure
CVSS 4.3
CVE-2021-42331 MEDIUM
ShinHer StudyOnline System - Missing Authorization in Study Edit Function
CVSS 5.4
CVE-2021-20834 MEDIUM
Nike App <2.177-2.177.1 - Open Redirect
CVSS 6.1
CVE-2021-39184 MEDIUM
Electron < 11.5.0, 12.1.0, 13.3.0 - Unauthorized File Content Exposure via Thumbnail API
CVSS 6.8
Details
Vulnerabilities 8,408
Exploit Likelihood High