The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,426 vulnerabilities with CWE-862
CVE-2018-0322
HIGH
Cisco Prime Collaboration Provisioning < 12.1 - Authenticated Privilege Escalation via Help Desk Role
CVSS 8.8
CVE-2018-0317
HIGH
Cisco Prime Collaboration Provisioning < 12.2 - Authenticated Privilege Escalation via Access Request Modification
CVSS 8.8
CVE-2018-10092
HIGH
Dolibarr <7.0.2 - Command Injection
CVSS 8.0
CVE-2018-8012
HIGH
Apache ZooKeeper <3.4.10, <3.5.0-alpha-<3.5.3-beta - DoS
CVSS 7.5
CVE-2018-2419
LOW
SAP Enterprise Financial Services - Missing Authorization
CVSS 3.7
CVE-2018-10251
CRITICAL
Sierra Wireless AirLink - RCE
CVSS 9.8
CVE-2018-10207
MEDIUM
Vaultize Enterprise File Sharing <17.05.31 - Info Disclosure
CVSS 5.3
CVE-2018-2413
MEDIUM
SAP Disclosure Management 10.1 - Authenticated Missing Authorization
CVSS 5.4
CVE-2018-2412
LOW
SAP Disclosure Management 10.1 - Authenticated Privilege Escalation
CVSS 3.8
CVE-2018-1217
CRITICAL
Dell EMC Avamar Server 7.3.1-7.5.0 & IDPA 2.0-2.1 - Unauthenticated Credential Read/Modify via Local Download Service
CVSS 9.8
CVE-2018-9039
MEDIUM
Octopus Deploy 2.0-2018.3.6 - Authenticated Missing Authorization in Variable Scoping
CVSS 6.5
CVE-2018-7702
CRITICAL
SecurEnvoy SecurMail <9.2.501 - RCE
CVSS 9.1
CVE-2018-0015
CRITICAL
Juniper AppFormix <= 2.7.3, < 2.11.3, < 2.15.2 - Unauthenticated Remote Code Execution via Python Debug Console
CVSS 9.8
CVE-2018-2381
HIGH
SAP ERP Financials SAP_APPL 6.00-6.06,6.16 SAP_FIN 6.17-6.18,7.00,7.20,7.30 S4CORE 1.00-1.02 - Privilege Escalation
CVSS 8.8
CVE-2018-1000022
MEDIUM
Electrum Bitcoin Wallet <3.0.5 - Missing Authorization
CVSS 5.3
CVE-2018-1000015
MEDIUM
Jenkins Pipeline: Nodes and Processes < 2.17 - Missing Authorization for Pipeline Node Blocks
CVSS 4.8
CVE-2018-6000
CRITICAL
AsusWRT <3.0.0.4.384_10007 - Privilege Escalation
CVSS 9.8
CVE-2018-0092
HIGH
Cisco NX-OS - Authenticated Arbitrary User Deletion via Missing RBAC Checks
CVSS 7.1
CVE-2018-5377
CRITICAL
DiscuzX X3.4 - Missing Authorization via archiver/index.php action parameter
CVSS 9.8
CVE-2017-13316
HIGH
Android - Missing Authorization in RecognitionService
CVSS 7.8
CVE-2017-13314
HIGH
Android - Missing Authorization in NetworkManagementService
CVSS 7.8
CVE-2017-15680
MEDIUM
Crafter CMS 3.0-3.0.1 - Unauthenticated Insecure Direct Object Reference
CVSS 6.5
CVE-2017-18677
HIGH
Samsung Mobile <M6.0,N7.x - Info Disclosure
CVSS 7.5
CVE-2017-18666
HIGH
Android KK(4.4) L(5.0/5.1) M(6.0) N(7.x) - Unauthenticated Premium SMS Sending
CVSS 7.5
CVE-2017-6923
MEDIUM
Drupal 8.x <8.3.7 - Info Disclosure
CVSS 6.5
Details
Vulnerabilities
8,426
Exploit Likelihood
High