CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,421 vulnerabilities with CWE-862
CVE-2019-15953 HIGH
Total.js CMS 12.0.0 - Privilege Escalation
CVSS 8.8
CVE-2019-15871 MEDIUM
WordPress <1.1.4 - Privilege Escalation
CVSS 4.3
CVE-2019-13408 HIGH
Advan VD-1 Firmware < 230 - Unauthenticated Path Traversal via ExportSettings.cgi Download Parameter
CVSS 7.5
CVE-2019-11248 HIGH
Kubernetes < 1.12.10, 1.13.8, 1.14.4, 1.15.0 - Unauthenticated Information Disclosure via /debug/pprof Endpoint
CVSS 8.2
CVE-2019-15648 MEDIUM
insert-or-embed-articulate-content-into-wordpress < 4.29991 - Unauthenticated Path Traversal
CVSS 6.5
CVE-2019-13013 MEDIUM
Little Snitch 4.3.0-4.3.2 - Unauthenticated Local Privilege Escalation via XPC Interface
CVSS 5.5
CVE-2019-8445 MEDIUM
Jira Server 7.13.0-7.13.6 and 8.0.0-8.3.1 - Unauthenticated Worklog Information Disclosure via Missing Authorization
CVSS 5.3
CVE-2019-2137 MEDIUM
Android - Denial of Service in TelecomManager endCall Function
CVSS 5.5
CVE-2019-15136 HIGH
eProsima Fast RTPS < 1.9.0 - Missing Authorization in Access Control Plugin
CVSS 7.5
CVE-2019-14786 MEDIUM
Rank Math SEO < 1.0.27.1 - Authenticated Settings Reset via reset-cmb Parameter
CVSS 6.5
CVE-2019-1170 HIGH
Windows 10 and Windows Server 2016/2019 - Privilege Escalation via Reparse Point Creation
CVSS 7.9
CVE-2019-0349 HIGH
SAP Kernel (ABAP Debugger) - Missing Authorization Check for 'Go to statement'
CVSS 7.2
CVE-2019-14793 MEDIUM
Meta Box < 4.16.3 - Authenticated Arbitrary File Deletion via AJAX Action
CVSS 6.5
CVE-2019-10389 MEDIUM
Jenkins Relution Enterprise Appstore Publisher < 1.24 - Server-Side Request Forgery
CVSS 4.3
CVE-2019-10387 MEDIUM
Jenkins XL TestView Plugin < 1.2.0 - Missing Authorization in XLTestView.XLTestDescriptor#doTestConnection
CVSS 6.5
CVE-2019-10377 MEDIUM
Jenkins Avatar Plugin < 1.2 - Missing Authorization for User Avatar Changes
CVSS 4.3
CVE-2019-10369 MEDIUM
Jenkins JClouds Plugin < 2.14 - Missing Authorization in Test Connection Endpoint
CVSS 6.5
CVE-2019-5995 MEDIUM
Canon EOS and PowerShot Cameras - Missing Authorization for Firmware Update
CVSS 6.5
CVE-2019-14473 HIGH
eQ-3 Homematic CCU2/CCU3 - Privilege Escalation
CVSS 8.8
CVE-2019-14475 HIGH
eQ-3 Homematic CCU2 <2.47.15 & CCU3 <3.47.15 - Privilege Escalation
CVSS 7.5
CVE-2019-14544 CRITICAL
Gogs 0.11.86 - Privilege Escalation
CVSS 9.8
CVE-2019-10167 HIGH
libvirt <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10187 MEDIUM
Moodle <3.7.1-3.5.7 - Privilege Escalation
CVSS 4.3
CVE-2019-10357 MEDIUM
Jenkins Pipeline < 2.14 - Missing Authorization for SCM Repository Content
CVSS 4.3
CVE-2019-10344 MEDIUM
Jenkins Configuration as Code Plugin < 1.24 - Missing Authorization in HTTP Endpoints
CVSS 4.3
Details
Vulnerabilities 8,421
Exploit Likelihood High