The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,417 vulnerabilities with CWE-862
CVE-2020-0177
MEDIUM
Android 10 - Unauthenticated Permissions Bypass in PanService
CVSS 5.5
CVE-2020-0137
HIGH
Android 10 - Missing Authorization in NetworkManagementService
CVSS 7.8
CVE-2020-0135
MEDIUM
Android 10 - Local Information Disclosure via Backup Metadata Exposure
CVSS 4.4
CVE-2020-5362
HIGH
Dell Client Platforms - Unauthenticated BIOS Setup Configuration Reset via Manageability Interface
CVSS 7.1
CVE-2020-13445
HIGH
Liferay Portal <7.3.2 & DXP 7.0-7.2 - RCE
CVSS 8.8
CVE-2020-13270
HIGH
GitLab CE/EE <13.0.1 - Privilege Escalation
CVSS 7.5
CVE-2020-6270
MEDIUM
SAP NetWeaver AS ABAP - Privilege Escalation
CVSS 6.5
CVE-2020-6268
HIGH
SAP ERP - Missing Authorization Check
CVSS 8.1
CVE-2020-13266
MEDIUM
GitLab CE/EE <13.0.1 - Privilege Escalation
CVSS 4.3
CVE-2020-11680
MEDIUM
Castel NextGen DVR v1.0.0 - Missing Authorization
CVSS 6.5
CVE-2020-11679
HIGH
Castel NextGen DVR 1.0.0 - Missing Authorization in Admin User Edit Functionality
CVSS 8.8
CVE-2020-1963
CRITICAL
Apache Ignite < 2.8.0 - Unauthenticated Arbitrary File Access via H2 SQL Functions
CVSS 9.1
CVE-2020-4348
MEDIUM
IBM Spectrum Scale 4.2.0.0-4.2.3.21 and 5.0.0.0-5.0.4.4 - Authenticated Missing Function Level Access Control
CVSS 6.5
CVE-2020-13425
HIGH
TrackR Firmware < 2020-05-06 - Unauthenticated Denial of Service via Beep Feature
CVSS 7.1
CVE-2020-13154
MEDIUM
Zoho ManageEngine Service Plus <11.1.11112 - Info Disclosure
CVSS 6.5
CVE-2020-13144
HIGH
Open edX Ironwood 2.5 - Unauthenticated Remote Code Execution via Custom Python Evaluated Code
CVSS 8.8
CVE-2020-10620
CRITICAL
Opto 22 SoftPAC Project <= 9.6 - Unauthenticated Missing Authorization
CVSS 9.8
CVE-2020-10612
CRITICAL
Opto 22 SoftPAC <9.6 - Privilege Escalation
CVSS 9.1
CVE-2020-0109
HIGH
Android 9-10 - Unauthenticated Privilege Escalation via NotificationManagerService Broadcast Simulation
CVSS 7.8
CVE-2020-0106
MEDIUM
Android 10 - Unauthenticated Local Information Disclosure via Missing SDK Version Check
CVSS 5.5
CVE-2020-0105
HIGH
Android 9-10 - Unauthenticated Local Privilege Escalation via Keyguard Visibility Change
CVSS 7.8
CVE-2020-1996
MEDIUM
PAN-OS 7.1.0-7.1.25 - Unauthenticated Log Injection in Management Server
CVSS 5.3
CVE-2020-12700
MEDIUM
TYPO3 direct_mail <5.2.3 - Info Disclosure
CVSS 4.3
CVE-2020-12698
MEDIUM
TYPO3 direct_mail <5.2.3 - Info Disclosure
CVSS 4.3
CVE-2020-6259
MEDIUM
SAP Adaptive Server Enterprise 15.7, 16.0 - Missing Authorization Check
CVSS 6.5
Details
Vulnerabilities
8,417
Exploit Likelihood
High