The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,421 vulnerabilities with CWE-862
CVE-2019-11610
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via downloaddir.php
CVSS 7.5
CVE-2019-11609
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via movefile.php
CVSS 8.2
CVE-2019-11608
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via /fileman/php/renamefile.php
CVSS 8.2
CVE-2019-11607
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via copydir.php
CVSS 7.5
CVE-2019-11606
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via copyfile.php
CVSS 7.5
CVE-2019-3399
HIGH
Jira <7.13.2 and 8.0.0-8.0.2 - Unauthenticated Information Disclosure via BrowseProjects.jspa
CVSS 7.5
CVE-2019-10312
MEDIUM
Jenkins Ansible Tower Plugin <= 0.9.1 - Missing Authorization in TowerInstallation Descriptor
CVSS 4.3
CVE-2019-10311
HIGH
Jenkins Ansible Tower Plugin < 0.9.1 - Missing Authorization in TowerInstallation Connection Test
CVSS 8.8
CVE-2019-10308
MEDIUM
Jenkins Static Analysis Utilities < 1.95 - Missing Authorization in DefaultGraphConfigurationView#doSave
CVSS 6.5
CVE-2019-2026
HIGH
Android <8.0 - Privilege Escalation
CVSS 7.8
CVE-2019-10305
MEDIUM
Jenkins XebiaLabs XL Deploy Plugin < 7.5.3 - Missing Authorization in Credential Validation
CVSS 6.5
CVE-2019-10301
HIGH
Jenkins GitLab Plugin < 1.5.11 - Missing Authorization in Connection Test
CVSS 8.8
CVE-2019-9224
MEDIUM
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Missing Authorization
CVSS 5.3
CVE-2019-9171
LOW
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Information Exposure
CVSS 3.7
CVE-2019-9974
CRITICAL
DASAN H660RM Firmware 1.03-0022 - Unauthenticated Command Execution via diag_tool.cgi
CVSS 9.1
CVE-2019-0279
HIGH
SAP BASIS - Authenticated Privilege Escalation via ABAP Function Modules
CVSS 8.8
CVE-2019-10868
MEDIUM
Tryton 4.2.0-4.2.20, 4.4.0-4.4.18, 4.6.0-4.6.13, 4.8.0-4.8.9, 5.0.0-5.0.5 - Missing Authorization in Model Storage
CVSS 6.5
CVE-2019-3886
MEDIUM
libvirt >=4.8.0 <5.3.0 - Missing Authorization for Guest Agent APIs
CVSS 5.4
CVE-2019-10293
MEDIUM
Jenkins Kmap Plugin - Missing Authorization in Form Validation Methods
CVSS 6.5
CVE-2019-10290
MEDIUM
Jenkins Netsparker Cloud Scan Plugin < 1.1.5 - Missing Authorization in NCScanBuilder Descriptor Validation
CVSS 6.5
CVE-2019-10279
MEDIUM
Jenkins Reviewbot Plugin - Missing Authorization in Test Connection Form Validation
CVSS 6.5
CVE-2019-1003099
MEDIUM
Jenkins openid < 2.3 - Missing Authorization in OpenIdSsoSecurityRealm Descriptor Validation
CVSS 6.5
CVE-2019-1003093
MEDIUM
Jenkins Nomad Plugin - Privilege Escalation
CVSS 6.5
CVE-2019-1003091
MEDIUM
Jenkins SOASTA CloudTest Plugin - Privilege Escalation
CVSS 6.5
CVE-2019-1003087
MEDIUM
Jenkins Chef Sinatra Plugin - Privilege Escalation
CVSS 6.5
Details
Vulnerabilities
8,421
Exploit Likelihood
High