CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,426 vulnerabilities with CWE-862
CVE-2018-9457 MEDIUM
Android 8.0-9 - Unauthenticated Local Information Disclosure via Bluetooth Pairing Bypass
CVSS 5.5
CVE-2018-1314 MEDIUM
Apache Hive < 2.3.3 and 3.1.0 - Missing Authorization for EXPLAIN Operation
CVSS 4.3
CVE-2018-19110 MEDIUM
tianti 2.3 - Authenticated Missing Authorization in Skin Management
CVSS 6.5
CVE-2018-19079 HIGH
Foscam Opticam i5 Firmware 1.5.2.11/2.21.1.128 - Unauthenticated DoS via ONVIF SystemReboot
CVSS 7.5
CVE-2018-15327 HIGH
BIG-IP <14.0.0.2/<13.1.1.1 - Privilege Escalation
CVSS 7.2
CVE-2018-11785 MEDIUM
Apache Impala < 3.0.1 - Missing Authorization Check
CVSS 6.5
CVE-2018-18377 HIGH
Orange AirBox Y858_FL_01.16_04 - Unauthenticated Factory Reset via goform/setReset
CVSS 7.5
CVE-2018-15429 MEDIUM
Cisco HyperFlex HX Data Platform - Unauthenticated Sensitive Information Exposure via HTTP Request
CVSS 5.3
CVE-2018-16048 MEDIUM
GitLab 8.10.0-11.0.5 11.1.0-11.1.4 11.2.0-11.2.1 - Missing Authorization for API Repository Storage
CVSS 6.5
CVE-2018-2461 HIGH
SAP People Profile - Missing Authorization Check
CVSS 8.8
CVE-2018-2455 HIGH
SAP Enterprise Financial Services 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2018-2454 HIGH
SAP Enterprise Financial Services 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2018-16591 CRITICAL
FURUNO FELCOM 250 and 500 - Unauthenticated Password Change via sm_changepassword.cgi and sm_sms_changepasswd.cgi
CVSS 9.8
CVE-2018-7792 HIGH
Schneider Electric Modicon M221 - Privilege Escalation
CVSS 7.5
CVE-2018-8028 HIGH
Apache Sentry <2.0.1 - Privilege Escalation
CVSS 8.8
CVE-2018-5547 HIGH
F5 BIG-IP APM client <7.1.7.1 - Privilege Escalation
CVSS 7.8
CVE-2018-1116 MEDIUM
polkit <0.116 - Privilege Escalation
CVSS 4.4
CVE-2018-2436 HIGH
SAP R/3 Enterprise Retail - Missing Authorization in WRCK Transaction
CVSS 8.8
CVE-2018-11541 CRITICAL
Sonus SBC 1000/2000/SWe Lite - Unauthenticated Privilege Escalation
CVSS 9.8
CVE-2018-8755 CRITICAL
NuCom WR644GACV <STA006 - Info Disclosure
CVSS 9.8
CVE-2018-5135 HIGH
Firefox < 59.0 - Missing Authorization for WebExtension Script Injection
CVSS 7.5
CVE-2018-5113 HIGH
Firefox < 58 - Missing Authorization in WebExtensions WebAuthFlow
CVSS 7.5
CVE-2018-0336 HIGH
Cisco Prime Collaboration Provisioning - Authenticated Privilege Escalation via Batch File Processing
CVSS 8.8
CVE-2018-7689 HIGH
openSUSE Open Build Service < 2.9.3 - Authenticated Missing Authorization in InitializeDevelPackage
CVSS 7.1
CVE-2018-7688 HIGH
openSUSE Open Build Service < 2.9.3 - Authenticated Missing Authorization in Review Handling
CVSS 7.1
Details
Vulnerabilities 8,426
Exploit Likelihood High