The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,421 vulnerabilities with CWE-862
CVE-2019-2005
HIGH
Android 8.0-9 - Missing Authorization in GrantPermissionsActivity
CVSS 8.8
CVE-2019-12875
MEDIUM
Alpine Linux abuild < 3.4.0 - Unauthenticated Untrusted Package Addition via Keys Directory Option
CVSS 6.5
CVE-2019-6580
CRITICAL
Siveillance VMS <2019 R1 V13.1a Unauthenticated Missing Authorization
CVSS 9.8
CVE-2019-10339
HIGH
Jenkins JX Resources Plugin <= 1.0.36 - Missing Authorization in GlobalPluginConfiguration
CVSS 8.8
CVE-2019-10333
MEDIUM
Jenkins ElectricFlow < 1.1.5 - Missing Authorization in HTTP Endpoints
CVSS 4.3
CVE-2019-10332
MEDIUM
Jenkins ElectricFlow < 1.1.5 - Missing Authorization in Configuration Connection Test
CVSS 4.3
CVE-2019-2098
HIGH
Android 7.0-9 - Missing Authorization in NotificationManagerService
CVSS 7.8
CVE-2019-2092
HIGH
Android 7.0-9 - Missing Authorization in DevicePolicyManagerService
CVSS 7.8
CVE-2019-2091
HIGH
Android 7.0-8.1 - Unauthenticated Permissions Bypass in DevicePolicyManagerService
CVSS 7.8
CVE-2019-2090
HIGH
Android 7.0-9 - Missing Authorization in PackageManagerService
CVSS 7.8
CVE-2019-12274
HIGH
Rancher 1-2.2.3 - Privilege Escalation
CVSS 8.8
CVE-2019-10147
HIGH
rkt < 1.30.0 - Missing Authorization via rkt enter Command
CVSS 7.7
CVE-2019-10145
HIGH
rkt < 1.30.0 - Missing Authorization via rkt enter Command
CVSS 7.7
CVE-2019-10330
HIGH
Jenkins Gitea Plugin <= 1.1.1 - Missing Authorization for Jenkinsfile Changes
CVSS 7.5
CVE-2019-10323
MEDIUM
Jenkins Artifactory Plugin <= 3.2.3 - Missing Authorization in fillCredentialsIdItems Methods
CVSS 4.3
CVE-2019-10322
MEDIUM
Jenkins Artifactory Plugin <= 3.2.2 - Missing Authorization in Test Connection Feature
CVSS 4.3
CVE-2019-11875
HIGH
Blueprism Robotic Process Automation - Missing Authorization
CVSS 8.8
CVE-2019-10849
HIGH
Computrols CBAS < 19.0.0 - Unauthenticated Source Code Disclosure via SVN Directory
CVSS 7.5
CVE-2019-0201
MEDIUM
Apache ZooKeeper 1.0.0-3.4.13 and 3.5.0-alpha-3.5.4-beta - Unauthenticated Information Disclosure via getACL() Command
CVSS 5.9
CVE-2019-10319
MEDIUM
Jenkins PAM Authentication Plugin 1.5 and earlier - Missing Authorization in PamSecurityRealm.DescriptorImpl#doTest
CVSS 4.3
CVE-2019-12168
HIGH
Four-Faith Wireless Mobile Router F3x24 v1.0 - RCE
CVSS 7.2
CVE-2019-6790
MEDIUM
GitLab 8.14.0-11.5.7, 11.6.0-11.6.5, 11.7.0 - Unauthenticated Merge Request List Exposure
CVSS 4.3
CVE-2019-0293
MEDIUM
SAP Solution Manager System - Missing Authorization for RFC Destination Access
CVSS 6.5
CVE-2019-0280
HIGH
SAP Treasury and Risk Management - Missing Authorization for T_DEAL_DP and T_DEAL_PD
CVSS 8.8
CVE-2019-11611
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via File Download Endpoint
CVSS 7.5
Details
Vulnerabilities
8,421
Exploit Likelihood
High