CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,421 vulnerabilities with CWE-862
CVE-2019-0258 HIGH
SAP Disclosure Management 10.01 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2019-0257 HIGH
SAP Netweaver Application Server Abap < 7.02 - Missing Authorization
CVSS 8.8
CVE-2019-1003006 HIGH
Jenkins Groovy < 2.0 - Authenticated Remote Code Execution via StringScriptSource
CVSS 8.8
CVE-2019-1000017 MEDIUM
Chamilo Chamilo-lms <1.11.8 - Info Disclosure
CVSS 6.5
CVE-2019-5886 CRITICAL
ShopXO 1.2.0 - Unauthenticated Database Reinstallation and Arbitrary Code Execution via Missing Lock File Validation
CVSS 9.8
CVE-2019-0573 HIGH
Windows Data Sharing Service - Privilege Escalation
CVSS 7.8
CVE-2019-0566 HIGH
Microsoft Edge - Privilege Escalation
CVSS 8.8
CVE-2019-0555 HIGH
Microsoft XmlDocument - Privilege Escalation
CVSS 7.8
CVE-2019-0243 HIGH
SAP BW/4HANA - Authenticated Privilege Escalation via Masterdata Maintenance
CVSS 8.8
CVE-2018-25391 HIGH
HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion
CVSS 7.5
CVE-2018-9406 MEDIUM
Android - Missing Authorization in NlpService
CVSS 5.5
CVE-2018-9382 HIGH
Android - Missing Authorization in WifiServiceImpl.java
CVSS 7.8
CVE-2018-9477 HIGH
Android - Missing Authorization in Development Options
CVSS 7.8
CVE-2018-9469 HIGH
Android - Missing Authorization in ShortcutService
CVSS 7.8
CVE-2018-25105 CRITICAL
WordPress File Manager <3.0 - Auth Bypass
CVSS 9.8
CVE-2018-14628 MEDIUM
Samba 4.0.0-4.18.8 - Authenticated Information Disclosure in LDAP Server
CVSS 4.3
CVE-2018-25019 HIGH
LearnDash LMS WordPress Plugin < 2.5.4 - Unauthenticated Arbitrary File Upload via learndash_assignment_process_init()
CVSS 7.5
CVE-2018-10866 CRITICAL
redhat-certification 7 - Unauthenticated Arbitrary File Deletion via Configuration View
CVSS 9.1
CVE-2018-10865 HIGH
Red Hat Certification 7 - Unauthenticated Missing Authorization via /configuration View
CVSS 7.5
CVE-2018-21257 MEDIUM
Mattermost Server < 5.1.0 - Missing Authorization via Channel Header Slash Command API
CVSS 5.3
CVE-2018-21251 CRITICAL
Mattermost Server < 5.2 and < 5.1.1 - Missing Authorization via Channel Name Mismatch
CVSS 9.8
CVE-2018-21047 HIGH
Samsung Android O(8.x) - Factory Reset Protection Bypass via Voice Assistant
CVSS 7.5
CVE-2018-21046 LOW
Samsung Android O(8.x) - Unauthenticated Clipboard Data Exposure via Emergency Dialer
CVSS 2.4
CVE-2018-21042 CRITICAL
Samsung Android N(7.x)-P(9.0) - Unauthenticated Privileged Code Execution via Dual Messenger APK Installation
CVSS 9.8
CVE-2018-13063 HIGH
Easy!Appointments 1.3.0 - Missing Authorization
CVSS 7.5
Details
Vulnerabilities 8,421
Exploit Likelihood High