The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,417 vulnerabilities with CWE-862
CVE-2020-6199
MEDIUM
SAP ERP <618 - SAP FIN <730, S4HANA <105 - Missing Authorization Check
CVSS 5.4
CVE-2020-0085
HIGH
Android 10 - Missing Authorization in PanService Bluetooth Tethering
CVSS 7.8
CVE-2020-0084
HIGH
Android 10 - Unauthenticated Privilege Escalation via NotificationManagerService Permission Bypass
CVSS 7.8
CVE-2020-0054
HIGH
Android 10 - Missing Authorization in WifiNetworkSuggestionsManager
CVSS 7.8
CVE-2020-0047
LOW
Android - Local Privilege Escalation
CVSS 3.3
CVE-2020-0035
MEDIUM
Android 8.0-9 - Unauthenticated Local Information Disclosure via TelephonyProvider
CVSS 5.5
CVE-2020-10257
CRITICAL
ThemeREX Addons < 2020-03-09 - Unauthenticated Remote Code Execution via REST API Endpoint
CVSS 9.8
CVE-2020-2142
MEDIUM
Jenkins P4 Plugin < 1.10.10 - Unauthenticated Build Trigger via Missing Permission Check
CVSS 4.3
CVE-2020-9458
HIGH
RegistrationMagic < 4.6.0.3 - Authenticated Unauthorized Data Export via Export Function
CVSS 8.8
CVE-2020-9457
HIGH
RegistrationMagic < 4.6.0.3 - Authenticated Privilege Escalation via Form Import
CVSS 8.8
CVE-2020-9456
HIGH
RegistrationMagic < 4.6.0.3 - Authenticated Privilege Escalation via User Controller
CVSS 8.8
CVE-2020-9455
MEDIUM
RegistrationMagic < 4.6.0.3 - Authenticated Arbitrary Email Sending via send_email_user_view
CVSS 4.3
CVE-2020-0023
MEDIUM
Android 10 - Missing Authorization Check in AdapterService
CVSS 5.5
CVE-2020-6188
HIGH
SAP ERP/S/4 HANA - Missing Authorization Check
CVSS 8.8
CVE-2020-6183
MEDIUM
SAP Host Agent 7.21 - Info Disclosure
CVSS 6.5
CVE-2020-6393
MEDIUM
Google Chrome <80.0.3987.87 - Info Disclosure
CVSS 6.5
CVE-2020-8811
MEDIUM
Bludit 3.10.0 - Authenticated Missing Authorization in Profile Picture Upload
CVSS 4.3
CVE-2020-8772
CRITICAL
InfiniteWP Client <1.9.4.5 - Privilege Escalation
CVSS 9.8
CVE-2020-7968
HIGH
GitLab EE <12.7.2 - Info Disclosure
CVSS 7.5
CVE-2020-7993
MEDIUM
Prototype 1.6.0.1 - Authenticated Ticket Forgery via Email ID Field
CVSS 4.3
CVE-2020-8495
HIGH
Kronos Web Time and Attendance <4.0 - Privilege Escalation
CVSS 7.5
CVE-2020-5228
HIGH
Opencast < 7.6 - Unauthenticated Unauthorized Access via OAI-PMH
CVSS 7.6
CVE-2020-2094
MEDIUM
Jenkins Health Advisor by CloudBees < 3.0 - Missing Authorization for Email Sending
CVSS 4.3
CVE-2020-2091
HIGH
Jenkins Amazon EC2 Plugin < 1.47 - Server-Side Request Forgery via AWS Credentials
CVSS 8.1
CVE-2020-6306
LOW
SAP Leasing <6.18 - Privilege Escalation
CVSS 2.7
Details
Vulnerabilities
8,417
Exploit Likelihood
High