CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,410 vulnerabilities with CWE-862
CVE-2021-21432 HIGH
Vela 0.7.0-0.7.4 - Unauthenticated Secret Exposure via .netrc File
CVSS 7.5
CVE-2021-30155 MEDIUM
MediaWiki <1.35.2 - Privilege Escalation
CVSS 4.3
CVE-2021-22513 MEDIUM
Micro Focus Application Automation Tools < 6.7 - Missing Authorization
CVSS 6.5
CVE-2021-27900 HIGH
Proofpoint Insider Threat Management < 7.9.3 - Missing Authorization in Web Console
CVSS 8.1
CVE-2021-24184 HIGH
Tutor LMS < 1.7.7 - Missing Authorization in AJAX Endpoints
CVSS 8.8
CVE-2021-24164 MEDIUM
Ninja Forms < 3.4.34.1 - Missing Authorization via OAuth Connection URL Retrieval
CVSS 4.3
CVE-2021-24163 HIGH
Ninja Forms < 3.4.34 - Missing Authorization via wp_ajax_ninja_forms_sendwp_remote_install_handler
CVSS 8.8
CVE-2021-1755 LOW
macOS < 11.0.1 - Unauthenticated Lock Screen Bypass to Contacts
CVSS 2.4
CVE-2021-21637 MEDIUM
Jenkins Team Foundation Server Plugin < 5.157.1 - Missing Authorization for Credential Capture via URL Connection
CVSS 6.5
CVE-2021-21636 MEDIUM
Jenkins Team Foundation Server Plugin < 5.157.1 - Missing Authorization for Credentials Enumeration
CVSS 4.3
CVE-2021-21632 MEDIUM
Jenkins OWASP Dependency-Track < 3.1.0 - Missing Authorization for URL Connection
CVSS 6.5
CVE-2021-21631 MEDIUM
Jenkins Cloud Statistics Plugin < 0.26 - Missing Authorization in HTTP Endpoint
CVSS 4.3
CVE-2021-28669 HIGH
Xerox AltaLink B80xx/C8030/C8035/C8045/C8055/C8070 < 103.008.020.23120 - Missing Authorization
CVSS 7.5
CVE-2021-21437 LOW
OTRS ITSM <7.0.24 & CIsInCustomerFrontend <7.0.15 - Missing Authorization for Linked Config Items
CVSS 3.5
CVE-2021-26990 CRITICAL
NetApp Cloud Manager < 3.9.4 - Arbitrary File Write via Missing Authorization
CVSS 9.1
CVE-2021-27656 MEDIUM
exacqVision Web Service <20.12.2.0 - Info Disclosure
CVSS 5.3
CVE-2021-24146 HIGH
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Information Disclosure via Export Function
CVSS 7.5
CVE-2021-21626 MEDIUM
Jenkins Warnings Next Generation Plugin <= 8.4.4 - Missing Authorization in Form Validation
CVSS 4.3
CVE-2021-21625 MEDIUM
Jenkins CloudBees AWS Credentials Plugin < 1.28 - Missing Authorization in HTTP Endpoint Helper Method
CVSS 4.3
CVE-2021-20283 MEDIUM
moodle 3.5.0-3.5.16 and 3.10.0-3.10.1 - Missing Authorization in Course Enrollment Web Service
CVSS 4.3
CVE-2021-28375 HIGH
Linux Kernel 5.1-5.11.6 - Missing Authorization in fastrpc_internal_invoke
CVSS 7.8
CVE-2021-28154 CRITICAL
Camunda Modeler <4.6.0 - Code Injection
CVSS 9.1
CVE-2021-28141 CRITICAL
Progress Telerik UI for ASP.NET AJAX 2021.1.224 - Auth Bypass
CVSS 9.8
CVE-2021-0389 HIGH
Android - Missing Authorization in UiModeManagerService
CVSS 7.8
CVE-2021-0388 HIGH
Android 11 - Missing Authorization in ImsPhoneCallTracker Broadcast Handler
CVSS 7.8
Details
Vulnerabilities 8,410
Exploit Likelihood High