CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,417 vulnerabilities with CWE-862
CVE-2020-0177 MEDIUM
Android 10 - Unauthenticated Permissions Bypass in PanService
CVSS 5.5
CVE-2020-0137 HIGH
Android 10 - Missing Authorization in NetworkManagementService
CVSS 7.8
CVE-2020-0135 MEDIUM
Android 10 - Local Information Disclosure via Backup Metadata Exposure
CVSS 4.4
CVE-2020-5362 HIGH
Dell Client Platforms - Unauthenticated BIOS Setup Configuration Reset via Manageability Interface
CVSS 7.1
CVE-2020-13445 HIGH
Liferay Portal <7.3.2 & DXP 7.0-7.2 - RCE
CVSS 8.8
CVE-2020-13270 HIGH
GitLab CE/EE <13.0.1 - Privilege Escalation
CVSS 7.5
CVE-2020-6270 MEDIUM
SAP NetWeaver AS ABAP - Privilege Escalation
CVSS 6.5
CVE-2020-6268 HIGH
SAP ERP - Missing Authorization Check
CVSS 8.1
CVE-2020-13266 MEDIUM
GitLab CE/EE <13.0.1 - Privilege Escalation
CVSS 4.3
CVE-2020-11680 MEDIUM
Castel NextGen DVR v1.0.0 - Missing Authorization
CVSS 6.5
CVE-2020-11679 HIGH
Castel NextGen DVR 1.0.0 - Missing Authorization in Admin User Edit Functionality
CVSS 8.8
CVE-2020-1963 CRITICAL
Apache Ignite < 2.8.0 - Unauthenticated Arbitrary File Access via H2 SQL Functions
CVSS 9.1
CVE-2020-4348 MEDIUM
IBM Spectrum Scale 4.2.0.0-4.2.3.21 and 5.0.0.0-5.0.4.4 - Authenticated Missing Function Level Access Control
CVSS 6.5
CVE-2020-13425 HIGH
TrackR Firmware < 2020-05-06 - Unauthenticated Denial of Service via Beep Feature
CVSS 7.1
CVE-2020-13154 MEDIUM
Zoho ManageEngine Service Plus <11.1.11112 - Info Disclosure
CVSS 6.5
CVE-2020-13144 HIGH
Open edX Ironwood 2.5 - Unauthenticated Remote Code Execution via Custom Python Evaluated Code
CVSS 8.8
CVE-2020-10620 CRITICAL
Opto 22 SoftPAC Project <= 9.6 - Unauthenticated Missing Authorization
CVSS 9.8
CVE-2020-10612 CRITICAL
Opto 22 SoftPAC <9.6 - Privilege Escalation
CVSS 9.1
CVE-2020-0109 HIGH
Android 9-10 - Unauthenticated Privilege Escalation via NotificationManagerService Broadcast Simulation
CVSS 7.8
CVE-2020-0106 MEDIUM
Android 10 - Unauthenticated Local Information Disclosure via Missing SDK Version Check
CVSS 5.5
CVE-2020-0105 HIGH
Android 9-10 - Unauthenticated Local Privilege Escalation via Keyguard Visibility Change
CVSS 7.8
CVE-2020-1996 MEDIUM
PAN-OS 7.1.0-7.1.25 - Unauthenticated Log Injection in Management Server
CVSS 5.3
CVE-2020-12700 MEDIUM
TYPO3 direct_mail <5.2.3 - Info Disclosure
CVSS 4.3
CVE-2020-12698 MEDIUM
TYPO3 direct_mail <5.2.3 - Info Disclosure
CVSS 4.3
CVE-2020-6259 MEDIUM
SAP Adaptive Server Enterprise 15.7, 16.0 - Missing Authorization Check
CVSS 6.5
Details
Vulnerabilities 8,417
Exploit Likelihood High