CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,410 vulnerabilities with CWE-862
CVE-2021-41077 HIGH
Travis CI 2021-09-03-2021-09-10 - Unauthorized Secret Data Exposure via Forked Repository Build Process
CVSS 7.5
CVE-2021-38164 MEDIUM
SAP ERP Financial Accounting - Privilege Escalation
CVSS 5.4
CVE-2021-37535 CRITICAL
SAP NetWeaver Application Server Java 7.11-7.50 - Missing Authorization in JMS Connector Service
CVSS 9.8
CVE-2021-38388 HIGH
Central Dogma - Privilege Escalation
CVSS 8.8
CVE-2021-30713 HIGH KEV
macOS Big Sur <11.4 - Privilege Escalation
CVSS 7.8
CVE-2021-30657 MEDIUM KEV
macOS Gatekeeper check bypass
CVSS 5.5
CVE-2021-1835 MEDIUM
iPadOS < 14.5 - Unauthenticated Notes Access from Lock Screen
CVSS 4.6
CVE-2021-38698 MEDIUM
HashiCorp Consul < 1.8.15, 1.10.1 - Missing Authorization in Txn.Apply Endpoint
CVSS 6.5
CVE-2021-40379 HIGH
Compro IP70, IP570, IP60, TN540 Firmware - Unauthenticated RTSP Stream Access
CVSS 7.5
CVE-2021-40378 HIGH
Compro IP70 IP570 IP60 TN540 Firmware - Unauthenticated Denial of Service via killps.cgi
CVSS 8.1
CVE-2021-36232 HIGH
MIK.starlight <7.9.5.24363 - Privilege Escalation
CVSS 8.8
CVE-2021-40088 MEDIUM
PrimeKey EJBCA < 7.6.0 - Missing Authorization in CMP RA Mode Revocation
CVSS 5.4
CVE-2021-30874 HIGH
iPadOS < 15.0 - Unauthenticated VPN Configuration Installation
CVSS 7.5
CVE-2021-0415 MEDIUM
In memory management driver - Info Disclosure
CVSS 5.5
CVE-2021-0642 MEDIUM
Android - Local Information Disclosure via VoicemailSettingsFragment
CVSS 5.5
CVE-2021-0641 MEDIUM
Android 8.1-11 - Unauthenticated Unique Identifier Disclosure via getAvailableSubscriptionInfoList
CVSS 5.5
CVE-2021-38755 MEDIUM
Hospital Management System - Path Traversal
CVSS 5.3
CVE-2021-24501 HIGH
Workreap < 2.2.2 - Authenticated Missing Authorization in AJAX Actions
CVSS 8.1
CVE-2021-24500 HIGH
Workreap < 2.2.2 - Insecure Direct Object Reference and CSRF via AJAX Actions
CVSS 8.1
CVE-2021-35327 CRITICAL
TOTOLINK A720R <4.1.5cu.470_B20200911 - RCE
CVSS 9.8
CVE-2021-33197 MEDIUM
Go <1.15.13, <1.16.5 - Info Disclosure
CVSS 5.3
CVE-2021-34629 MEDIUM
SendGrid < 1.11.8 - Authenticated Authorization Bypass via get_ajax_statistics
CVSS 4.3
CVE-2021-32748 MEDIUM
Nextcloud Richdocuments - Info Disclosure
CVSS 4.3
CVE-2021-0654 MEDIUM
Android - Local Information Disclosure via TaskThumbnailView Missing Permission Check
CVSS 5.5
CVE-2021-0597 MEDIUM
Android - Local Information Disclosure via SipService Profile Notification
CVSS 5.5
Details
Vulnerabilities 8,410
Exploit Likelihood High