CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,410 vulnerabilities with CWE-862
CVE-2021-0385 HIGH
Android 11 - Unauthenticated WiFi Network Connection via Lockscreen Notification Interaction
CVSS 7.8
CVE-2021-0380 HIGH
Android 11 - Missing Authorization in DcTracker.java
CVSS 7.8
CVE-2021-0390 HIGH
Android - Missing Authorization in WifiNetworkSuggestionsManager
CVSS 7.8
CVE-2021-21487 HIGH
SAP Payment Engine 500 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2021-21486 HIGH
SAP Enterprise Financial Services 101-105, 600-606, 616-618, 800 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2021-21327 MEDIUM
GLPI < 9.5.4 - Unauthenticated Unsafe Reflection via Class Instantiation
CVSS 6.8
CVE-2021-21326 HIGH
GLPI < 9.5.4 - Unauthenticated Ticket Creation via Self-Service Interface
CVSS 7.7
CVE-2021-25344 MEDIUM
Knox Custom <SMR Mar-2021 Release 1 - Info Disclosure
CVSS 6.2
CVE-2021-26988 LOW
Clustered Data ONTAP < 9.3P21, 9.5P16, 9.6P12, 9.7P8, 9.8 - Unauthorized Information Disclosure
CVSS 3.5
CVE-2021-22877 MEDIUM
Nextcloud <20.0.6 - Info Disclosure
CVSS 6.5
CVE-2021-21978 CRITICAL
VMware View Planner 4.0-4.5 - Unauthenticated Remote Code Execution via Logupload Arbitrary File Upload
CVSS 9.8
CVE-2021-21255 MEDIUM
GLPI 9.5.3 - Missing Authorization via Entity Switch IDOR
CVSS 5.8
CVE-2021-0403 MEDIUM
Android 11 - Missing Authorization Leading to Local Information Disclosure
CVSS 4.4
CVE-2021-23975 MEDIUM
Firefox < 86.0 - Missing Authorization in about:memory Measure Function
CVSS 6.5
CVE-2021-21307 HIGH
Lucee Server <5.3.7.47-5.3.6.68-5.3.5.96 - RCE
CVSS 8.6
CVE-2021-0328 HIGH
Android - Missing Authorization in GattService Bluetooth Scan Result Retrieval
CVSS 7.8
CVE-2021-21246 HIGH
OneDev < 4.0.3 - Unauthenticated Sensitive Data Leak via UserResource Endpoint
CVSS 8.6
CVE-2021-1143 MEDIUM
Cisco Connected Mobile Experiences - Authenticated User Enumeration via API GET Requests
CVSS 4.3
CVE-2021-23123 MEDIUM
Joomla! 3.0.0-3.9.23 - Unauthenticated Information Disclosure via com_modules orderPosition Endpoint
CVSS 5.3
CVE-2021-21468 MEDIUM
SAP Business Warehouse - Missing Authorization in BW Database Interface
CVSS 6.5
CVE-2021-21467 MEDIUM
SAP Banking Services - Missing Authorization for Business Partner Generic Market Data
CVSS 4.3
CVE-2020-36890 HIGH
Kentico Xperience - Privilege Escalation
CVSS 7.2
CVE-2020-36902 CRITICAL
UBICOD Medivision Digital Signage 1.5.1 - Auth Bypass
CVSS 9.8
CVE-2020-36852 CRITICAL
WordPress Custom Searchable Data Entry System <1.7.1 - SQL Injection
CVSS 9.1
CVE-2020-36840 HIGH
MotoPress plugin <2.3.8 - Auth Bypass
CVSS 7.3
Details
Vulnerabilities 8,410
Exploit Likelihood High