CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,421 vulnerabilities with CWE-862
CVE-2019-2218 HIGH
Android 8.0-10 - Missing Authorization in PackageInstallerService
CVSS 7.8
CVE-2019-12734 HIGH
SiteVision 4.0-4.5.6 - Missing Authorization
CVSS 8.8
CVE-2019-15998 MEDIUM
Cisco IOS XR - Improper Access Control in NETCONF over SSH
CVSS 5.3
CVE-2019-5865 MEDIUM
Google Chrome < 76.0.3809.87 - Site Isolation Bypass via Crafted HTML Page
CVSS 6.5
CVE-2019-13673 HIGH
Google Chrome <77.0.3865.75 - Info Disclosure
CVSS 7.4
CVE-2019-14822 HIGH
ibus < 1.5.22 - Unauthenticated Method Call Interception via DBus Server Misconfiguration
CVSS 7.1
CVE-2019-18610 HIGH
Asterisk 13.x-13.29.2 and 16.x-17.x - Authenticated Remote Code Execution via Originate AMI Request
CVSS 8.8
CVE-2019-18790 MEDIUM
Sangoma Asterisk <13.29.2,16.6.2,17.0.1 - Privilege Escalation
CVSS 6.5
CVE-2019-16547 MEDIUM
Jenkins Google Compute Engine Plugin <4.1.1 - Info Disclosure
CVSS 4.3
CVE-2019-15387 LOW
Archos Core 101 Firmware - Missing Authorization in com.roco.autogen Wi-Fi Control Interface
CVSS 3.3
CVE-2019-15386 MEDIUM
Lava Z60s Firmware - Missing Authorization in com.mediatek.wfo.impl
CVSS 5.5
CVE-2019-0386 MEDIUM
SAP ERP Sales and S4HANA Sales - Missing Authorization in Order Processing
CVSS 6.3
CVE-2019-15005 MEDIUM
Atlassian Troubleshooting and Support Tools < 1.17.2 - Unauthenticated Missing Authorization
CVSS 4.3
CVE-2019-6121 LOW
NiceHash Miner < 2.0.3.0 - Missing Authorization
CVSS 3.7
CVE-2019-18674 MEDIUM
Joomla! 3.6.0-3.9.12 - Path Disclosure via phputf8 Mapping Files
CVSS 5.3
CVE-2019-16909 MEDIUM
Infosysta In-App & Desktop Notifications < 1.6.14_j8 - Missing Authorization via NotificationSettings Endpoint
CVSS 4.3
CVE-2019-16907 MEDIUM
Infosysta In-App & Desktop Notifications 1.6.13_J8 - Unauthenticated User Enumeration via UserFilter Endpoint
CVSS 5.3
CVE-2019-16906 HIGH
Infosysta In-App & Desktop Notifications 1.6.13_J8 - Unauthenticated Authorization Bypass via Push Notification Endpoint
CVSS 7.5
CVE-2019-13547 CRITICAL
Advantech WISE-PaaS/RMM <3.3.29 - Info Disclosure
CVSS 9.8
CVE-2019-5095 MEDIUM
Atlassian Jira Tempo <4.10.0 - Info Disclosure
CVSS 4.3
CVE-2019-18383 HIGH
TerraMaster FS-210 4.0.19 - Unauthenticated Backup File Download
CVSS 7.5
CVE-2019-15850 HIGH
eQ-3 HomeMatic CCU3 Firmware 3.41.11 - Authenticated Remote Code Execution via ReGa.runScript Method
CVSS 8.8
CVE-2019-16698 MEDIUM
TYPO3 direct_mail <5.2.2 - Info Disclosure
CVSS 4.3
CVE-2019-10457 MEDIUM
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin < 1.0.0 - Missing Authorization
CVSS 4.3
CVE-2019-10455 MEDIUM
Jenkins Rundeck Plugin < 3.6.5 and org.jenkins-ci.plugins/rundeck < 3.6.6 - Missing Authorization for URL Connection
CVSS 4.3
Details
Vulnerabilities 8,421
Exploit Likelihood High