CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,426 vulnerabilities with CWE-862
CVE-2017-18312 HIGH
Qualcomm Msm8996au Firmware - Missing Authorization
CVSS 7.8
CVE-2017-2662 MEDIUM
Katello 3.4.5 - Improper Privilege Management via Hammer Repository ID
CVSS 4.3
CVE-2017-17707 HIGH
Pleasant Password Server < 7.8.3 - Authenticated Arbitrary Attachment Manipulation via CredentialId
CVSS 8.1
CVE-2017-2652 HIGH
Jenkins Distributed Fork < 1.5.0 - Authenticated Remote Code Execution via dist-fork CLI Command
CVSS 8.8
CVE-2017-7530 HIGH
CloudForms Management Engine < 5.7.3 and 5.8.x < 5.8.1 - Missing Authorization via MiqExpression Filtering
CVSS 8.8
CVE-2017-18101 MEDIUM
Atlassian JIRA <7.6.5, 7.7.0-7.7.3, 7.8.0-7.8.3 - Unauthenticated Import Execution
CVSS 6.5
CVE-2017-13247 HIGH
Android Pixel 2 Bootloader - Missing Authorization Bypass via Carrier Lock Check
CVSS 7.8
CVE-2017-18035 MEDIUM
Atlassian Fisheye and Crucible < 4.5.1 - Unauthenticated Information Disclosure via Review Coverage Chart Endpoint
CVSS 4.3
CVE-2017-9513 MEDIUM
Atlassian Activity Streams <6.3.0 - Privilege Escalation
CVSS 5.4
CVE-2017-1000400 MEDIUM
Jenkins <2.73.1, <2.83 - Info Disclosure
CVSS 4.3
CVE-2017-1000390 MEDIUM
Jenkins Multijob <1.25 - Privilege Escalation
CVSS 4.3
CVE-2017-1000388 MEDIUM
Jenkins Dependency Graph Viewer <0.12 - Privilege Escalation
CVSS 4.3
CVE-2017-13209 HIGH
Android 8.0-8.1 - Unauthenticated Missing Authorization in ServiceManager::add
CVSS 7.8
CVE-2017-17807 LOW
Linux Kernel < 4.14.6 - Missing Authorization in KEYS Subsystem
CVSS 3.3
CVE-2017-17693 MEDIUM
Techno - Portfolio Management Panel < 2017-11-16 - Missing Authorization for Feedback Deletion
CVSS 4.3
CVE-2017-17665 HIGH
Octopus Deploy < 4.1.3 - Missing Authorization in Machine Update Process
CVSS 8.8
CVE-2017-17450 HIGH
Linux Kernel < 4.14.4 - Missing Authorization for xt_osf add_callback and remove_callback
CVSS 7.8
CVE-2017-17448 HIGH
Linux Kernel < 4.14.4 - Missing Authorization in nfnetlink_cthelper
CVSS 7.8
CVE-2017-17433 LOW
Debian Linux - Missing Authorization
CVSS 3.7
CVE-2017-11042 HIGH
Android for MSM - Missing Authorization in ImsService and IQtiImsExt AIDL APIs
CVSS 7.8
CVE-2017-12084 HIGH
Circle with Disney 2.0.1 - Unauthenticated Backdoor via SSH Server API Call
CVSS 8.0
CVE-2017-1000243 MEDIUM
Jenkins Favorite Plugin <2.1.4 - Privilege Escalation
CVSS 4.3
CVE-2017-1000105 MEDIUM
Blue Ocean - Missing Authorization for Archived Artifacts
CVSS 5.3
CVE-2017-1000086 HIGH
Periodic Backup Plugin - Privilege Escalation & CSRF
CVSS 8.0
CVE-2017-10846 HIGH
NTT DOCOMO Wi-Fi STATION L-02F <= V10b - Missing Authorization
CVSS 7.5
Details
Vulnerabilities 8,426
Exploit Likelihood High