CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,421 vulnerabilities with CWE-862
CVE-2019-10161 HIGH
libvirtd <4.10.1-5.4.1 - Info Disclosure
CVSS 7.8
CVE-2019-5449 MEDIUM
Nextcloud Server < 15.0.1 - Unauthorized Calendar Event Name Disclosure
CVSS 4.3
CVE-2019-10184 HIGH
undertow <2.0.23.Final - Info Disclosure
CVSS 7.5
CVE-2019-11702 MEDIUM
Firefox < 67.0.2 - Unauthenticated Local File Access via IE Protocol Handler
CVSS 6.5
CVE-2019-11700 MEDIUM
Firefox < 67.0 - Unauthenticated Local File Access via res: Protocol Hyperlink
CVSS 6.5
CVE-2019-1010152 CRITICAL
zzcms < 8.3 - Unauthenticated File Deletion and Remote Code Execution via user/manage.php
CVSS 9.8
CVE-2019-1010150 CRITICAL
zzcms < 8.3 - Unauthenticated File Deletion and Remote Code Execution via /user/zssave.php
CVSS 9.8
CVE-2019-1010149 CRITICAL
zzcms < 8.3 - File Deletion to Remote Code Execution via user/licence_save.php
CVSS 9.8
CVE-2019-1010246 HIGH
MailCleaner < 2019-01-21 - Unauthenticated MySQL Password Disclosure via NewslettersController.php
CVSS 7.5
CVE-2019-1010066 HIGH
LLNL model_specific_registers-safe < 1.2.0 - Unauthenticated MSR Modification via ioctl Bypass
CVSS 7.5
CVE-2019-10354 MEDIUM
Jenkins < 2.176.1 and < 2.185 - Missing Authorization via Stapler Web Framework
CVSS 4.3
CVE-2019-1010304 MEDIUM
Saleor 2.0.0-2.3.0 - Unauthenticated Incorrect Access Control in ProductVariant GraphQL API
CVSS 5.3
CVE-2019-10342 MEDIUM
Jenkins Docker Plugin < 1.1.6 - Missing Authorization in fillCredentialsIdItems Methods
CVSS 4.3
CVE-2019-10341 MEDIUM
Jenkins Docker Plugin < 1.1.6 - Missing Authorization in Test Connection Feature
CVSS 6.5
CVE-2019-0325 MEDIUM
SAP ERP HCM 3 - Missing Authorization for Payroll Data Report
CVSS 4.2
CVE-2019-12470 MEDIUM
MediaWiki <= 1.32.1 - Incorrect Access Control in RevisionDelete Page
CVSS 6.5
CVE-2019-12469 MEDIUM
MediaWiki < 1.27.6 - Incorrect Access Control
CVSS 6.5
CVE-2019-13450 MEDIUM
RingCentral 7.0.136380.0312 - Unauthenticated Forced Video Call Activation via Localhost Web Server
CVSS 6.5
CVE-2019-12926 HIGH
MailEnable 6.0-<6.90 - Missing Authorization
CVSS 8.8
CVE-2019-2117 MEDIUM
Android 7.0-9 - Unauthenticated Local Information Disclosure via TelephonyProvider Permission Check
CVSS 5.5
CVE-2019-7272 MEDIUM
Optergy Proton/Enterprise - Info Disclosure
CVSS 5.3
CVE-2019-13047 HIGH
ToaruOS < 1.10.9 - Unauthenticated Arbitrary Kernel Memory Mapping via TOARU_SYS_FUNC_SETHEAP
CVSS 7.8
CVE-2019-10175 MEDIUM
virt-cdi-cloner 1.4 - Privilege Escalation
CVSS 6.5
CVE-2019-4158 MEDIUM
IBM Security Access Manager 9.0.1-9.0.6 - Missing Authorization
CVSS 5.4
CVE-2019-6961 MEDIUM
RDK RDKB-20181217-1 WebUI - Privilege Escalation
CVSS 6.5
Details
Vulnerabilities 8,421
Exploit Likelihood High