CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,417 vulnerabilities with CWE-862
CVE-2020-6258 MEDIUM
SAP Identity Management <8.0 - Info Disclosure
CVSS 6.5
CVE-2020-6256 MEDIUM
SAP Master Data Governance <805 - Info Disclosure
CVSS 4.3
CVE-2020-12745 HIGH
Samsung Android Q(10.0) - Unauthenticated Clipboard Access via USSD
CVSS 7.5
CVE-2020-11671 HIGH
TeamPass <= 2.1.27.36 - Authenticated Privilege Escalation via REST API
CVSS 8.1
CVE-2020-10187 HIGH
Doorkeeper 5.0.0-5.0.3 - Unauthenticated Information Disclosure via OAuth Authorized Applications Endpoint
CVSS 7.5
CVE-2020-12138 HIGH
AMD ATI atillk64.sys 5.11.9.0 - Missing Authorization via DeviceIoControl Call
CVSS 8.8
CVE-2020-6212 MEDIUM
SAP ERP and S/4 HANA - Missing Authorization Check in Egypt Localized Withholding Tax Reports
CVSS 5.4
CVE-2020-6823 CRITICAL
Firefox < 75.0 - Unauthenticated Authorization Bypass via WebAuthFlow Redirect
CVSS 9.8
CVE-2020-11967 CRITICAL
IQrouter Firmware < 3.3.1 - Unauthenticated Remote Device Control via Missing Authorization
CVSS 9.8
CVE-2020-7278 HIGH
McAfee Endpoint Security for Windows - Improper Access Control in Firewall Rule Handling
CVSS 7.4
CVE-2020-6233 MEDIUM
SAP S/4 HANA Financial Products Subledger and Banking Services - Authenticated Denial of Service via Analysis Report
CVSS 4.3
CVE-2020-6232 MEDIUM
SAP Commerce <1905 - Info Disclosure
CVSS 5.3
CVE-2020-9514 MEDIUM
IMPress for IDX Broker < 2.6.2 - Authenticated Arbitrary Post Deletion and Creation via wrappers.php
CVSS 6.5
CVE-2020-11514 CRITICAL
Rank Math SEO < 1.0.40.2 - Unauthenticated Arbitrary Metadata Update via rankmath/v1/updateMeta Endpoint
CVSS 9.8
CVE-2020-10689 MEDIUM
Eclipse Che <7.8.x - Privilege Escalation
CVSS 6.4
CVE-2020-11465 HIGH
Deskpro < 2019.8.0 - Missing Authorization in API Apps Endpoint
CVSS 8.8
CVE-2020-11463 HIGH
Deskpro < 2019.8.0 - Missing Authorization in Email Accounts API
CVSS 7.5
CVE-2020-10955 MEDIUM
GitLab EE/CE <12.9 - Info Disclosure
CVSS 6.5
CVE-2020-10684 HIGH
Ansible Engine <2.7.17, 2.8.9, 2.9.6 - Privilege Escalation/Code In...
CVSS 7.9
CVE-2020-8139 MEDIUM
Nextcloud Server <18.0.1-<16.0.9 - Info Disclosure
CVSS 6.5
CVE-2020-10194 MEDIUM
Zimbra zm-mailbox < 8.8.15.p8 - Authenticated Missing Authorization in AutoCompleteGal
CVSS 6.5
CVE-2020-1720 LOW
PostgreSQL <12.2-9.6.17 - Privilege Escalation
CVSS 3.1
CVE-2020-10116 MEDIUM
cPanel 77.9999.110-78.0.45 - Missing Authorization via WebDisk UAPI Calls
CVSS 5.3
CVE-2020-6209 HIGH
SAP Disclosure Mgmt <10.1 - Privilege Escalation
CVSS 7.5
CVE-2020-6204 MEDIUM
SAP Treasury and Risk Management - Info Disclosure
CVSS 4.3
Details
Vulnerabilities 8,417
Exploit Likelihood High