CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,417 vulnerabilities with CWE-862
CVE-2020-6199 MEDIUM
SAP ERP <618 - SAP FIN <730, S4HANA <105 - Missing Authorization Check
CVSS 5.4
CVE-2020-0085 HIGH
Android 10 - Missing Authorization in PanService Bluetooth Tethering
CVSS 7.8
CVE-2020-0084 HIGH
Android 10 - Unauthenticated Privilege Escalation via NotificationManagerService Permission Bypass
CVSS 7.8
CVE-2020-0054 HIGH
Android 10 - Missing Authorization in WifiNetworkSuggestionsManager
CVSS 7.8
CVE-2020-0047 LOW
Android - Local Privilege Escalation
CVSS 3.3
CVE-2020-0035 MEDIUM
Android 8.0-9 - Unauthenticated Local Information Disclosure via TelephonyProvider
CVSS 5.5
CVE-2020-10257 CRITICAL
ThemeREX Addons < 2020-03-09 - Unauthenticated Remote Code Execution via REST API Endpoint
CVSS 9.8
CVE-2020-2142 MEDIUM
Jenkins P4 Plugin < 1.10.10 - Unauthenticated Build Trigger via Missing Permission Check
CVSS 4.3
CVE-2020-9458 HIGH
RegistrationMagic < 4.6.0.3 - Authenticated Unauthorized Data Export via Export Function
CVSS 8.8
CVE-2020-9457 HIGH
RegistrationMagic < 4.6.0.3 - Authenticated Privilege Escalation via Form Import
CVSS 8.8
CVE-2020-9456 HIGH
RegistrationMagic < 4.6.0.3 - Authenticated Privilege Escalation via User Controller
CVSS 8.8
CVE-2020-9455 MEDIUM
RegistrationMagic < 4.6.0.3 - Authenticated Arbitrary Email Sending via send_email_user_view
CVSS 4.3
CVE-2020-0023 MEDIUM
Android 10 - Missing Authorization Check in AdapterService
CVSS 5.5
CVE-2020-6188 HIGH
SAP ERP/S/4 HANA - Missing Authorization Check
CVSS 8.8
CVE-2020-6183 MEDIUM
SAP Host Agent 7.21 - Info Disclosure
CVSS 6.5
CVE-2020-6393 MEDIUM
Google Chrome <80.0.3987.87 - Info Disclosure
CVSS 6.5
CVE-2020-8811 MEDIUM
Bludit 3.10.0 - Authenticated Missing Authorization in Profile Picture Upload
CVSS 4.3
CVE-2020-8772 CRITICAL
InfiniteWP Client <1.9.4.5 - Privilege Escalation
CVSS 9.8
CVE-2020-7968 HIGH
GitLab EE <12.7.2 - Info Disclosure
CVSS 7.5
CVE-2020-7993 MEDIUM
Prototype 1.6.0.1 - Authenticated Ticket Forgery via Email ID Field
CVSS 4.3
CVE-2020-8495 HIGH
Kronos Web Time and Attendance <4.0 - Privilege Escalation
CVSS 7.5
CVE-2020-5228 HIGH
Opencast < 7.6 - Unauthenticated Unauthorized Access via OAI-PMH
CVSS 7.6
CVE-2020-2094 MEDIUM
Jenkins Health Advisor by CloudBees < 3.0 - Missing Authorization for Email Sending
CVSS 4.3
CVE-2020-2091 HIGH
Jenkins Amazon EC2 Plugin < 1.47 - Server-Side Request Forgery via AWS Credentials
CVSS 8.1
CVE-2020-6306 LOW
SAP Leasing <6.18 - Privilege Escalation
CVSS 2.7
Details
Vulnerabilities 8,417
Exploit Likelihood High