CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,421 vulnerabilities with CWE-862
CVE-2020-5228 HIGH
Opencast < 7.6 - Unauthenticated Unauthorized Access via OAI-PMH
CVSS 7.6
CVE-2020-2094 MEDIUM
Jenkins Health Advisor by CloudBees < 3.0 - Missing Authorization for Email Sending
CVSS 4.3
CVE-2020-2091 HIGH
Jenkins Amazon EC2 Plugin < 1.47 - Server-Side Request Forgery via AWS Credentials
CVSS 8.1
CVE-2020-6306 LOW
SAP Leasing <6.18 - Privilege Escalation
CVSS 2.7
CVE-2020-6168 HIGH
WordPress Minimal Coming Soon & Maintenance Mode <2.10 - Privilege ...
CVSS 7.6
CVE-2019-25351 HIGH
Centova Cast 3.2.11 - Path Traversal
CVSS 8.8
CVE-2019-25217 CRITICAL
SiteGround Optimizer <5.0.12 - Auth Bypass/RCE
CVSS 9.8
CVE-2019-25215 HIGH
ARI-Adminer <= 1.1.14 - Unauthenticated Authorization Bypass via Direct File Access
CVSS 7.3
CVE-2019-25214 HIGH
ShopWP <= 2.0.4 - Unauthenticated Authorization Bypass via REST API Routes
CVSS 7.2
CVE-2019-25143 MEDIUM
GDPR Cookie Compliance <4.0.2 - Auth Bypass
CVSS 5.4
CVE-2019-25142 HIGH
WordPress Mesmerize & Materialis <1.6.89-1.0.172 - Authenticated Op...
CVSS 8.8
CVE-2019-25141 CRITICAL
Easy WP SMTP < 1.3.9 - Unauthenticated Authorization Bypass via admin_init()
CVSS 9.8
CVE-2019-25139 MEDIUM
Coming Soon Page & Maintenance Mode <1.8.1 - Info Disclosure
CVSS 6.5
CVE-2019-11785 MEDIUM
Odoo < 13.0 - Authenticated Improper Access Control in Mail Module Followers
CVSS 4.3
CVE-2019-11784 MEDIUM
Odoo < 14.0 - Authenticated Improper Access Control in Mail Module Notifications
CVSS 6.5
CVE-2019-11783 MEDIUM
Odoo < 14.0 - Authenticated Improper Access Control in Mail Module
CVSS 6.5
CVE-2019-19885 CRITICAL
Bender COMTRAXX < 4.2.0 - Missing Authorization
CVSS 9.1
CVE-2019-20887 MEDIUM
Mattermost Server < 4.10.6 - Missing Authorization for Intra-Team Post Access
CVSS 4.3
CVE-2019-20885 HIGH
Mattermost Server < 5.8.0 - Missing Authorization for robots.txt Generation
CVSS 7.5
CVE-2019-20801 MEDIUM
Readdle Documents < 6.9.7 - Unauthenticated Data Access via Cross-Origin WebSocket
CVSS 5.3
CVE-2019-15877 MEDIUM
FreeBSD <12.1-RELEASE-p3 - Privilege Escalation
CVSS 5.5
CVE-2019-15876 MEDIUM
FreeBSD <12.1-RELEASE-p3, <11.3-RELEASE-p7 - Privilege Escalation
CVSS 5.5
CVE-2019-14116 HIGH
Qualcomm IPQ6018 Firmware - Privilege Escalation via Altered Debug Policy Image
CVSS 7.8
CVE-2019-20676 MEDIUM
NETGEAR Multiple Switches - Missing Function-Level Access Control
CVSS 6.0
CVE-2019-20614 HIGH
Samsung Android N(7.x)-P(9.0) - Missing Authorization in Allshare
CVSS 7.5
Details
Vulnerabilities 8,421
Exploit Likelihood High