CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,410 vulnerabilities with CWE-862
CVE-2021-0518 MEDIUM
Android 13 - Unauthenticated Location-Sensitive Data Leak via Wi-Fi
CVSS 5.5
CVE-2021-33676 HIGH
SAP CRM <715 - Privilege Escalation
CVSS 7.2
CVE-2021-33671 HIGH
SAP NetWeaver Guided Procedures - Privilege Escalation
CVSS 8.8
CVE-2021-20747 MEDIUM
Retty App <4.8.13-4.11.14 - Open Redirect
CVSS 4.3
CVE-2021-36124 CRITICAL
Echo ShareCare <8.15.5 - Info Disclosure
CVSS 9.8
CVE-2021-22233 MEDIUM
GitLab 13.10.0-13.11.6 - Unauthenticated Information Disclosure via Project Details
CVSS 4.3
CVE-2021-20777 MEDIUM
GU App for Android <5.0.2 - Open Redirect
CVSS 4.3
CVE-2021-21676 MEDIUM
Jenkins requests-plugin < 2.2.7 - Missing Authorization in HTTP Endpoint
CVSS 4.3
CVE-2021-27903 CRITICAL
Craft CMS < 3.6.7 - Remote Code Execution via Administrative Session Hijack
CVSS 9.8
CVE-2021-29958 MEDIUM
Firefox for iOS < 34.0 - Missing Authorization for Private Browsing Mode Cookie Isolation
CVSS 4.3
CVE-2021-0547 HIGH
Android - Missing Authorization in NetInitiatedActivity
CVSS 7.8
CVE-2021-0539 HIGH
Android 11 - Missing Authorization in MmsService.java
CVSS 7.8
CVE-2021-0568 HIGH
Android 11 - Missing Authorization in DevicePolicyManagerService
CVSS 7.8
CVE-2021-0554 MEDIUM
Android - Missing Authorization in BackupManagerService
CVSS 5.5
CVE-2021-20733 MEDIUM
asken 3.0.0-4.2.x - Unauthenticated Open Redirect via Custom URL Scheme Handler
CVSS 6.1
CVE-2021-0521 MEDIUM
Android - Unauthenticated Information Disclosure via PackageManagerService getAllPackages
CVSS 5.5
CVE-2021-0513 HIGH
Android 8.1-11 - Unauthenticated Permission Bypass via NotificationManagerService State Validation
CVSS 7.8
CVE-2021-0505 HIGH
Android 11 - Missing Authorization in Settings VPN Configuration
CVSS 7.8
CVE-2021-24356 HIGH
Simple 301 Redirects by BetterLinks 2.0.0-2.0.4 - Authenticated Arbitrary Plugin Activation via AJAX Action
CVSS 8.8
CVE-2021-24355 MEDIUM
Simple 301 Redirects by BetterLinks 2.0.0-2.0.3 - Authenticated Missing Authorization via AJAX Actions
CVSS 4.3
CVE-2021-24354 HIGH
Simple 301 Redirects by BetterLinks < 2.0.4 - Authenticated Arbitrary Plugin Installation via AJAX Action
CVSS 8.8
CVE-2021-24353 HIGH
Simple 301 Redirects by BetterLinks 2.0.0-2.0.3 - Unauthenticated Missing Authorization in Import Data Function
CVSS 8.8
CVE-2021-24352 HIGH
Simple 301 Redirects by BetterLinks 2.0.0-2.0.4 - Unauthenticated Sensitive Data Exposure via Export Function
CVSS 8.8
CVE-2021-21382 HIGH
restund < 0.4.15 - Unauthenticated Administrative Command Execution via TURN Relay
CVSS 8.6
CVE-2021-0491 HIGH
Android - Missing Authorization Leading to Local Privilege Escalation in Memory Management Driver
CVSS 7.8
Details
Vulnerabilities 8,410
Exploit Likelihood High