CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,411 vulnerabilities with CWE-862
CVE-2020-25711 MEDIUM
Infinispan < 11.0.6 - Missing Authorization for Server Management Operations
CVSS 6.5
CVE-2020-23735 HIGH
Saibo Cyber Game Accelerator <3.7.9 - Privilege Escalation
CVSS 7.8
CVE-2020-2323 MEDIUM
Jenkins Chaos Monkey Plugin <0.4 - Privilege Escalation
CVSS 5.3
CVE-2020-2322 HIGH
Jenkins Chaos Monkey Plugin <0.3 - DoS
CVSS 7.5
CVE-2020-26212 HIGH
GLPI < 9.5.3 - Authenticated Unauthorized Planning Access via CalDAV
CVSS 7.7
CVE-2020-29006 CRITICAL
MISP < 2.4.135 - Missing Authorization in Galaxy Elements Controller
CVSS 9.8
CVE-2020-26231 MEDIUM
October CMS 1.0.469 - Authenticated Arbitrary PHP Execution via Twig Sandbox Escape
CVSS 5.2
CVE-2020-15247 MEDIUM
October CMS <1.0.469 - Code Injection
CVSS 5.2
CVE-2020-4783 MEDIUM
IBM Spectrum Protect Plus 10.1.0-10.1.6 - Information Disclosure via Missing HSTS Enforcement
CVSS 5.9
CVE-2020-27192 HIGH
BinaryNights ForkLift <3.4 - Code Injection
CVSS 7.8
CVE-2020-15349 HIGH
BinaryNights ForkLift <3.4 - Privilege Escalation
CVSS 7.8
CVE-2020-23489 HIGH
AVideo < 8.9 - File Deletion and Privilege Escalation via import.json.php
CVSS 8.8
CVE-2020-28368 MEDIUM
Xen < 4.14.0 - Unauthenticated Sensitive Information Disclosure via Power Monitoring Side-Channel
CVSS 4.4
CVE-2020-6316 MEDIUM
SAP ERP and S/4 HANA - Authenticated Missing Authorization in PS Reporting
CVSS 4.3
CVE-2020-26818 HIGH
SAP NetWeaver AS ABAP (Web Dynpro) - Info Disclosure
CVSS 8.8
CVE-2020-0454 MEDIUM
Android 9 - Missing Authorization Check in ConnectivityService
CVSS 5.5
CVE-2020-0448 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in TelecomServiceImpl
CVSS 5.5
CVE-2020-0439 HIGH
Android 8.0-11 - Unauthenticated Permissions Bypass via PackageManagerService
CVSS 7.8
CVE-2020-0437 MEDIUM
Android 8.0-11 - Unauthenticated Denial of Service in CellBroadcastReceiver Intent Handlers
CVSS 5.5
CVE-2020-2302 MEDIUM
Jenkins Active Directory Plugin <2.19 - Info Disclosure
CVSS 4.3
CVE-2020-28036 CRITICAL
WordPress < 5.5.2 - Missing Authorization via XML-RPC Comment
CVSS 9.8
CVE-2020-27998 CRITICAL
FastReport < 2020.4.0 - Missing Authorization for Script Security Features
CVSS 9.8
CVE-2020-16260 HIGH
Winston 1.5.4 - Missing Authorization
CVSS 7.5
CVE-2020-26649 HIGH
AtomXCMS 2.0 - Missing Authorization via admin/dump.php
CVSS 8.1
CVE-2020-15245 MEDIUM
Sylius <1.6.9, <1.7.9, <1.8.3 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities 8,411
Exploit Likelihood High