CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,411 vulnerabilities with CWE-862
CVE-2020-15338 MEDIUM
Zyxel CloudCNM SecuManager <3.1.1 - Info Disclosure
CVSS 5.3
CVE-2020-15337 MEDIUM
Zyxel CloudCNM SecuManager <3.1.1 - Info Disclosure
CVSS 5.3
CVE-2020-4926 CRITICAL
IBM Elastic Storage System < 6.1.3.0 and Spectrum Scale < 5.1.3.0 - Missing Authorization
CVSS 9.1
CVE-2020-25718 HIGH
samba 4.0.0-4.13.13 - Missing Authorization for RODC Administrator Ticket Printing
CVSS 8.8
CVE-2020-25366 CRITICAL
D-Link DIR-823G REVA1 1.02B05 - Denial of Service via Firmware Upload Endpoint
CVSS 9.1
CVE-2020-24672 CRITICAL
Base Software for SoftControl - Code Injection
CVSS 9.8
CVE-2020-27466 HIGH
rConfig 3.9.6 - Unauthenticated Arbitrary File Write and Remote Code Execution via Template Edit Handler
CVSS 7.8
CVE-2020-27464 HIGH
rconfig < 3.9.6 - Unauthenticated Remote Code Execution via Insecure Update Feature
CVSS 7.8
CVE-2020-25359 CRITICAL
rConfig 3.9.5 - Unauthenticated Arbitrary File Deletion via Logging File Handler
CVSS 9.1
CVE-2020-18757 HIGH
DCCE MAC1100 PLC Firmware - Persistent Denial of Service via Crafted Packet
CVSS 7.5
CVE-2020-18753 CRITICAL
DCCE MAC1100 PLC Firmware - Missing Authorization via Crafted Packet
CVSS 9.8
CVE-2020-20698 HIGH
S-CMS PHP v3.0 - Remote Code Execution via /1.com.php File Modification
CVSS 7.2
CVE-2020-11511 HIGH
LearnPress < 3.2.6.9 - Unauthenticated Privilege Escalation via accept-to-be-teacher Action
CVSS 8.1
CVE-2020-36239 CRITICAL
Atlassian Jira Data Center < 8.5.16 - Missing Authorization
CVSS 9.8
CVE-2020-12734 HIGH
DEPSTECH WiFi Digital Microscope 3 - CSRF
CVSS 8.1
CVE-2020-19038 CRITICAL
Halo 0.4.3 - Unauthenticated File Deletion via delBackup
CVSS 9.1
CVE-2020-22176 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated Sensitive Information Disclosure
CVSS 7.5
CVE-2020-20444 HIGH
Jact OpenClinic 0.8.20160412 - Authenticated Arbitrary File Read via View Source Parameter
CVSS 7.2
CVE-2020-13938 MEDIUM
Apache HTTP Server 2.4.0-2.4.46 - Unauthenticated Denial of Service via Local Stop Command
CVSS 5.5
CVE-2020-10701 MEDIUM
libvirt < 6.2.0 - Unauthenticated Denial of Service via QEMU Agent Response Timeout
CVSS 6.5
CVE-2020-10697 MEDIUM
Ansible Tower < 3.4.6 - Denial of Service via Memcached Cache Pollution
CVSS 4.4
CVE-2020-4669 CRITICAL
IBM Planning Analytics Local 2.0 - Unauthenticated Database Access via MongoDB
CVSS 9.1
CVE-2020-18888 HIGH
puppyCMS <5.1 - Privilege Escalation
CVSS 7.5
CVE-2020-36287 MEDIUM
Atlassian Jira Server/Data Center <8.13.5, 8.14.0-8.15.1 - Unauthenticated Info Disclosure
CVSS 5.3
CVE-2020-13422 HIGH
OpenIAM <4.2.0.3 - Privilege Escalation
CVSS 8.1
Details
Vulnerabilities 8,411
Exploit Likelihood High