CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,421 vulnerabilities with CWE-862
CVE-2018-19830 HIGH
Smart Contract - Privilege Escalation
CVSS 7.5
CVE-2018-20501 MEDIUM
GitLab 8.12.0-11.4.12 11.5.0-11.5.5 11.6.0 - Missing Authorization
CVSS 6.3
CVE-2018-14997 MEDIUM
Leagoo P1 Firmware - Unauthenticated Screenshot Capture via Exported Broadcast Receiver
CVSS 5.5
CVE-2018-4059 CRITICAL
coturn < 4.5.0.9 - Unauthenticated Administrator Access via TELNET Admin Portal
CVSS 9.8
CVE-2018-17491 HIGH
EasyLobby Solo - Privilege Escalation
CVSS 8.4
CVE-2018-17490 HIGH
EasyLobby Solo - Unauthenticated Denial of Service via Task Manager Access
CVSS 7.7
CVE-2018-10093 HIGH
AudioCodes IP phone 420HD <2.2.12.126 - RCE
CVSS 8.8
CVE-2018-11888 HIGH
Snapdragon Auto/Mobile/Compute/etc. <various - Unauthorized Access
CVSS 7.8
CVE-2018-18996 CRITICAL
LCDS Laquis SCADA < 4.1.0.4150 - Remote Code Execution
CVSS 9.8
CVE-2018-16081 HIGH
Google Chrome < 69.0.3497.81 - Unauthenticated Local File Access via chrome.debugger API
CVSS 7.4
CVE-2018-2484 HIGH
SAP Enterprise Financial Services - Missing Authorization
CVSS 8.8
CVE-2018-18004 MEDIUM
VIVOTEK Network Camera Series - Unauthenticated Arbitrary System Service Enablement via mod_inetd.cgi URL Parameter
CVSS 5.3
CVE-2018-15005 HIGH
ZTE ZMAX Champ Android - Privilege Escalation
CVSS 7.1
CVE-2018-14985 HIGH
Leagoo Z5C Firmware - Unauthenticated Factory Reset via Exported Broadcast Receiver
CVSS 7.1
CVE-2018-15329 HIGH
BIG-IP <14.0.2 - Privilege Escalation
CVSS 7.2
CVE-2018-20155 MEDIUM
WP Maintenance Mode <2.0.7 - Auth Bypass
CVSS 4.3
CVE-2018-2503 HIGH
SAP NetWeaver AS Java - Info Disclosure
CVSS 7.4
CVE-2018-9548 MEDIUM
Android 7.0-9 - Unauthenticated Local Information Disclosure via Missing URI Validation
CVSS 5.5
CVE-2018-19754 HIGH
Tarantella Enterprise <3.11 - Auth Bypass
CVSS 8.8
CVE-2018-18647 MEDIUM
GitLab 8.11-11.2.6 11.3.x<11.3.8 11.4.x<11.4.3 - Missing Authorization
CVSS 6.5
CVE-2018-9457 MEDIUM
Android 8.0-9 - Unauthenticated Local Information Disclosure via Bluetooth Pairing Bypass
CVSS 5.5
CVE-2018-1314 MEDIUM
Apache Hive < 2.3.3 and 3.1.0 - Missing Authorization for EXPLAIN Operation
CVSS 4.3
CVE-2018-19110 MEDIUM
tianti 2.3 - Authenticated Missing Authorization in Skin Management
CVSS 6.5
CVE-2018-19079 HIGH
Foscam Opticam i5 Firmware 1.5.2.11/2.21.1.128 - Unauthenticated DoS via ONVIF SystemReboot
CVSS 7.5
CVE-2018-15327 HIGH
BIG-IP <14.0.0.2/<13.1.1.1 - Privilege Escalation
CVSS 7.2
Details
Vulnerabilities 8,421
Exploit Likelihood High