CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,408 vulnerabilities with CWE-862
CVE-2021-40884 HIGH
Projectsend r1295 - Info Disclosure
CVSS 8.1
CVE-2021-37976 MEDIUM KEV
Google Chrome < 94.0.4606.71 - Unauthenticated Sensitive Information Exposure via Crafted HTML Page
CVSS 6.5
CVE-2021-32172 CRITICAL
Maian Cart 3.8 - Unauthenticated Remote Code Execution via Elfinder Plugin
CVSS 9.8
CVE-2021-0686 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in RoleManagerService
CVSS 5.5
CVE-2021-0682 MEDIUM
Android - Missing Authorization in NotificationManagerService
CVSS 5.5
CVE-2021-0681 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in System Properties
CVSS 5.5
CVE-2021-0680 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in System Properties
CVSS 5.5
CVE-2021-39226 CRITICAL KEV
Grafana < 7.5.11 - Unauthenticated Snapshot Data Exposure and Deletion via Direct Path Access
CVSS 9.8
CVE-2021-41554 HIGH
ARCHIBUS Web Central 21.3.3.815 - Authenticated Missing Authorization in Administrative Endpoints
CVSS 8.8
CVE-2021-39893 MEDIUM
GitLab 9.1.0-14.1.6 - Unauthenticated Denial of Service via File Parsing
CVSS 5.3
CVE-2021-39347 MEDIUM
Stripe for WooCommerce 3.0.0-3.3.9 - Missing Authorization in User Edit Save Function
CVSS 4.3
CVE-2021-41729 CRITICAL
BaiCloud-cms 2.5.7 - Arbitrary File Deletion via /user/ppsave.php
CVSS 9.1
CVE-2021-3653 HIGH
Linux Kernel < 5.14-rc7 - Missing Authorization in KVM SVM Nested Virtualization
CVSS 8.8
CVE-2021-33924 CRITICAL
Confluent Ansible 5.5.0-5.5.2, 6.0.0 - Missing Authorization
CVSS 9.8
CVE-2021-37270 CRITICAL
CMS Enterprise Website Construction System 5.0 - Unauthenticated Missing Authorization
CVSS 9.8
CVE-2021-24633 MEDIUM
Countdown Block < 1.1.2 - Authenticated Arbitrary Post Content Modification via eb_write_block_css AJAX Action
CVSS 4.3
CVE-2021-34648 MEDIUM
Ninja Forms <= 3.5.7 - Authenticated Arbitrary Email Sending via trigger_email_action
CVSS 6.4
CVE-2021-34647 MEDIUM
Ninja Forms <= 3.5.7 - Authenticated Sensitive Information Disclosure via Bulk Export Submissions
CVSS 6.5
CVE-2021-24639 HIGH
OMGF WordPress Plugin < 4.5.4 - Authenticated Path Traversal and Arbitrary File Deletion via omgf_ajax_empty_dir
CVSS 8.1
CVE-2021-24635 MEDIUM
Visual Link Preview < 2.2.3 - Authenticated Improper Access Control via AJAX Actions
CVSS 5.4
CVE-2021-33704 HIGH
SAP Business One <10.0 - Privilege Escalation
CVSS 8.8
CVE-2021-22149 HIGH
Elastic Enterprise Search App Search < 7.14.0 - Authenticated Missing Authorization via Alternate API Route
CVSS 8.8
CVE-2021-22147 MEDIUM
Elasticsearch 7.11.0-7.13.4 - Authenticated Missing Authorization in Searchable Snapshots
CVSS 6.5
CVE-2021-41077 HIGH
Travis CI 2021-09-03-2021-09-10 - Unauthorized Secret Data Exposure via Forked Repository Build Process
CVSS 7.5
CVE-2021-38164 MEDIUM
SAP ERP Financial Accounting - Privilege Escalation
CVSS 5.4
Details
Vulnerabilities 8,408
Exploit Likelihood High