The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,410 vulnerabilities with CWE-862
CVE-2021-23204
HIGH
Gallagher Command Centre <8.40.1888-8.30.1359 - Info Disclosure
CVSS 8.1
CVE-2021-22896
MEDIUM
Nextcloud Mail <1.9.5 - Privilege Escalation
CVSS 4.3
CVE-2021-25409
LOW
SMR JUN-2021 Release 1 - Info Disclosure
CVSS 2.4
CVE-2021-33031
LOW
LabCup <v2_next_18022 - Privilege Escalation
CVSS 3.1
CVE-2021-21473
MEDIUM
SAP NetWeaver AS ABAP and ABAP Platform - Missing Authorization in SRM_RFC_SUBMIT_REPORT Function Module
CVSS 6.3
CVE-2021-32015
MEDIUM
Nuvoton NPCT75x TPM 1.2 Firmware 7.4.0.0 - Authenticated Unauthorized Access to Non-Volatile Memory
CVSS 6.0
CVE-2021-31921
CRITICAL
Istio < 1.8.6 and 1.9.x < 1.9.5 - Missing Authorization via AUTO_PASSTHROUGH Gateway Routing
CVSS 9.8
CVE-2021-32652
HIGH
Nextcloud Mail <1.4.3, <1.8.2 - Info Disclosure
CVSS 8.8
CVE-2021-22891
CRITICAL
Citrix ShareFile Storage Zones Controller <5.7.3-5.11.18 - RCE
CVSS 9.8
CVE-2021-32917
MEDIUM
prosody < 0.11.9 - Unauthenticated Bandwidth Abuse via proxy65 Component
CVSS 5.3
CVE-2021-23014
HIGH
BIG-IP <16.0.1.1, <15.1.3, <14.1.4 - Auth Bypass
CVSS 8.8
CVE-2021-27573
CRITICAL
Emote Remote Mouse < 4.0.0.0 - Unauthenticated Remote Code Execution via UDP Packet
CVSS 9.8
CVE-2021-21984
CRITICAL
VMware vRealize Business for Cloud 7.0-7.5.x - Unauthenticated Remote Code Execution via Unauthorized Endpoint
CVSS 9.8
CVE-2021-32093
MEDIUM
NSA Emissary 5.9.0 - Authenticated Arbitrary File Read via ConfigFileAction ConfigName Parameter
CVSS 6.5
CVE-2021-32095
HIGH
NSA Emissary 5.9.0 - Authenticated Arbitrary File Deletion
CVSS 8.1
CVE-2021-1508
CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 19.2.99 - Missing Authorization
CVSS 9.8
CVE-2021-1506
CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Missing Authorization
CVSS 9.8
CVE-2021-1505
CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Missing Authorization
CVSS 9.8
CVE-2021-21264
MEDIUM
October CMS < 1.0.472 - Authenticated Remote Code Execution via Twig Sandbox Escape
CVSS 5.2
CVE-2021-20715
MEDIUM
Hot Pepper Gourmet App <4.111.0 - SSRF
CVSS 4.3
CVE-2021-20693
HIGH
Gurunavi App <10.0.10-11.1.2 - SSRF
CVSS 7.5
CVE-2021-27609
MEDIUM
SAP Focused RUN - Privilege Escalation
CVSS 6.5
CVE-2021-27605
MEDIUM
SAP HCM Travel Management Fiori Apps V2 - Privilege Escalation
CVSS 4.3
CVE-2021-27598
MEDIUM
SAP NetWeaver AS JAVA - Info Disclosure
CVSS 5.3
CVE-2021-0428
MEDIUM
Android 10 - Missing Authorization in TelephonyManager.getSimSerialNumber
CVSS 5.5
Details
Vulnerabilities
8,410
Exploit Likelihood
High