The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,410 vulnerabilities with CWE-862
CVE-2021-0385
HIGH
Android 11 - Unauthenticated WiFi Network Connection via Lockscreen Notification Interaction
CVSS 7.8
CVE-2021-0380
HIGH
Android 11 - Missing Authorization in DcTracker.java
CVSS 7.8
CVE-2021-0390
HIGH
Android - Missing Authorization in WifiNetworkSuggestionsManager
CVSS 7.8
CVE-2021-21487
HIGH
SAP Payment Engine 500 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2021-21486
HIGH
SAP Enterprise Financial Services 101-105, 600-606, 616-618, 800 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2021-21327
MEDIUM
GLPI < 9.5.4 - Unauthenticated Unsafe Reflection via Class Instantiation
CVSS 6.8
CVE-2021-21326
HIGH
GLPI < 9.5.4 - Unauthenticated Ticket Creation via Self-Service Interface
CVSS 7.7
CVE-2021-25344
MEDIUM
Knox Custom <SMR Mar-2021 Release 1 - Info Disclosure
CVSS 6.2
CVE-2021-26988
LOW
Clustered Data ONTAP < 9.3P21, 9.5P16, 9.6P12, 9.7P8, 9.8 - Unauthorized Information Disclosure
CVSS 3.5
CVE-2021-22877
MEDIUM
Nextcloud <20.0.6 - Info Disclosure
CVSS 6.5
CVE-2021-21978
CRITICAL
VMware View Planner 4.0-4.5 - Unauthenticated Remote Code Execution via Logupload Arbitrary File Upload
CVSS 9.8
CVE-2021-21255
MEDIUM
GLPI 9.5.3 - Missing Authorization via Entity Switch IDOR
CVSS 5.8
CVE-2021-0403
MEDIUM
Android 11 - Missing Authorization Leading to Local Information Disclosure
CVSS 4.4
CVE-2021-23975
MEDIUM
Firefox < 86.0 - Missing Authorization in about:memory Measure Function
CVSS 6.5
CVE-2021-21307
HIGH
Lucee Server <5.3.7.47-5.3.6.68-5.3.5.96 - RCE
CVSS 8.6
CVE-2021-0328
HIGH
Android - Missing Authorization in GattService Bluetooth Scan Result Retrieval
CVSS 7.8
CVE-2021-21246
HIGH
OneDev < 4.0.3 - Unauthenticated Sensitive Data Leak via UserResource Endpoint
CVSS 8.6
CVE-2021-1143
MEDIUM
Cisco Connected Mobile Experiences - Authenticated User Enumeration via API GET Requests
CVSS 4.3
CVE-2021-23123
MEDIUM
Joomla! 3.0.0-3.9.23 - Unauthenticated Information Disclosure via com_modules orderPosition Endpoint
CVSS 5.3
CVE-2021-21468
MEDIUM
SAP Business Warehouse - Missing Authorization in BW Database Interface
CVSS 6.5
CVE-2021-21467
MEDIUM
SAP Banking Services - Missing Authorization for Business Partner Generic Market Data
CVSS 4.3
CVE-2020-36890
HIGH
Kentico Xperience - Privilege Escalation
CVSS 7.2
CVE-2020-36902
CRITICAL
UBICOD Medivision Digital Signage 1.5.1 - Auth Bypass
CVSS 9.8
CVE-2020-36852
CRITICAL
WordPress Custom Searchable Data Entry System <1.7.1 - SQL Injection
CVSS 9.1
CVE-2020-36840
HIGH
MotoPress plugin <2.3.8 - Auth Bypass
CVSS 7.3
Details
Vulnerabilities
8,410
Exploit Likelihood
High