CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,411 vulnerabilities with CWE-862
CVE-2020-29621 MEDIUM
macOS 10.14-10.14.5 and 11.0 - Unauthorized Privacy Preferences Bypass
CVSS 5.5
CVE-2020-36238 MEDIUM
Jira Server and Data Center < 8.5.13 and 8.6.0-8.13.5 - Unauthenticated Username Enumeration via Render API
CVSS 5.3
CVE-2020-14987 HIGH
Bloomreach Experience Manager <14.2.2 - RCE
CVSS 7.2
CVE-2020-10858 MEDIUM
Zulip Desktop <5.0.0 - Info Disclosure
CVSS 5.3
CVE-2020-29604 MEDIUM
MantisBT < 2.24.4 - Missing Authorization for Private Issue Cloning via COPY Group Action
CVSS 6.5
CVE-2020-4816 MEDIUM
IBM Cloud Pak for Security 1.4.0.0 - Information Disclosure via Missing HSTS Enforcement
CVSS 5.9
CVE-2020-7343 MEDIUM
McAfee Agent < 5.7.1 - Missing Authorization for Update Blocking via Temporary Directory Manipulation
CVSS 5.5
CVE-2020-27220 HIGH
Eclipse Hono - Privilege Escalation
CVSS 8.8
CVE-2020-9209 MEDIUM
Huawei SMC2.0 Firmware - Privilege Escalation via Improper Directory Permissions
CVSS 6.7
CVE-2020-5022 MEDIUM
IBM Spectrum Protect Plus 10.1.0-10.1.6 - Unauthenticated Information Disclosure via VDAP Proxy
CVSS 5.3
CVE-2020-16029 HIGH
Google Chrome < 87.0.4280.66 - Navigation Restriction Bypass via Crafted PDF File
CVSS 8.8
CVE-2020-16027 MEDIUM
Google Chrome < 87.0.4280.66 - Insufficient Policy Enforcement in Developer Tools
CVSS 6.5
CVE-2020-35745 HIGH
PHPGURUKUL Hospital Management System 4.0 - Unauthenticated Missing Authorization
CVSS 8.8
CVE-2020-29160 HIGH
Zammad < 3.5.1 - Missing Authorization for Ticket Article Data Modification
CVSS 7.5
CVE-2020-29158 MEDIUM
Zammad < 3.5.1 - Missing Authorization for Internal Articles via Ticket Detail View
CVSS 4.3
CVE-2020-25917 HIGH
Stratodesk NoTouch Center < 4.4.68 - Privilege Escalation via User Creation Endpoint
CVSS 8.8
CVE-2020-35625 HIGH
MediaWiki < 1.35.1 - Unauthenticated Arbitrary Static Function Execution via Widgets Extension HTML Comment
CVSS 8.8
CVE-2020-4841 MEDIUM
IBM Security Secret Server 10.6 - Missing Authorization
CVSS 5.9
CVE-2020-13519 HIGH
NZXT CAM 4.8.0 - Privilege Escalation
CVSS 8.8
CVE-2020-13515 HIGH
NZXT CAM 4.8.0 - Privilege Escalation
CVSS 8.8
CVE-2020-13514 HIGH
NZXT CAM 4.8.0 - Privilege Escalation
CVSS 8.8
CVE-2020-13513 HIGH
NZXT CAM 4.8.0 - Privilege Escalation
CVSS 8.8
CVE-2020-13512 HIGH
NZXT CAM 4.8.0 - Privilege Escalation
CVSS 8.8
CVE-2020-29480 LOW
Xen < 4.14.0 - Missing Authorization in Xenstore Watch Events
CVSS 2.3
CVE-2020-29479 HIGH
Xen < 4.14.0 - Unauthenticated Missing Authorization in Ocaml xenstored
CVSS 8.8
Details
Vulnerabilities 8,411
Exploit Likelihood High