CWE-862: Missing Authorization
7,611 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-862 (page 52 of 153)
- CVE-2023-42714 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-04
In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-42730 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-04
In IMS service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-42732 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-04
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-42733 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-04
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-42734 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-04
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-42735 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-12-04
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
- CVE-2023-42736 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-42737 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-04
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-42738 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-42739 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-42740 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-42741 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-04
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-42742 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-04
In sysui, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed
- CVE-2023-42743 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-42744 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-04
In telecom service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed
- CVE-2023-42745 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-42746 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-42747 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-42748 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-42749 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-04
In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-4282 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-08-10
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible…
- CVE-2023-42896 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-03-28
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify p…
- CVE-2023-4302 | MEDIUM | CVSS 4.2 | EG 4.2 | 2023-08-21
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, captur…
- CVE-2023-43090 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-09-22
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot too…
- CVE-2023-43134 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-20
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend manag…
- CVE-2023-43135 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-20
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to t…
- CVE-2023-43194 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-11-02
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter.
- CVE-2023-43488 | HIGH | CVSS 7.9 | EG 7.9 | 2023-10-25
The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a…
- CVE-2023-43501 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-09-20
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
- CVE-2023-43652 | HIGH | CVSS 8.2 | EG 8.2 | 2023-09-27
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key …
- CVE-2023-43700 | HIGH | CVSS 7.7 | EG 7.7 | 2023-10-09
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication.
- CVE-2023-4374 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-08-16
The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it…
- CVE-2023-43846 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-05-28
Incorrect access control in logs management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to get the device logs via HTTP GET request. The logs contain such information as user names and IP addresses …
- CVE-2023-43885 | HIGH | CVSS 8.1 | EG 8.1 | 2023-11-07
Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.
- CVE-2023-44113 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-06
Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2023-44142 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-12-13
Missing Authorization vulnerability in Deepen Bajracharya Inactive Logout inactive-logout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Inactive Logout: from n/a through <= 3.2.2.
- CVE-2023-44147 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-13
Missing Authorization vulnerability in apasionados Comment Blacklist Updater comment-blacklist-updater allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Comment Blacklist Updater: from n/a through <…
- CVE-2023-44148 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-06-19
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit. This issue affects Astra Bulk Edit: from n/a through 1.2.7.
- CVE-2023-44149 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-13
Missing Authorization vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brands for WooCommerce: from n/a through <= 3.8.2.2.
- CVE-2023-44151 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-06-19
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist. This issue affects Pre-Publish Checklist: from n/a through 1.1.1.
- CVE-2023-44208 | CRITICAL | CVSS 9.1 | EG 7.8 | 2023-10-04
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.
- CVE-2023-44210 | MEDIUM | CVSS 5.5 | EG 7.3 | 2023-10-04
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 29258, Acronis Cyber Protect 17 (Linux, macOS, Wind…
- CVE-2023-44211 | HIGH | CVSS 7.1 | EG 7.1 | 2023-10-05
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) be…
- CVE-2023-44212 | HIGH | CVSS 7.1 | EG 7.3 | 2023-10-05
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477.
- CVE-2023-44214 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-10-05
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
- CVE-2023-44227 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-17
Missing Authorization vulnerability in Mitchell Bennis Simple File List. This issue affects Simple File List: from n/a through 6.1.9.
- CVE-2023-44234 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-12
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map. This issue affects WP GPX Map: from n/a through 1.7.08.
- CVE-2023-44258 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-01-02
Missing Authorization vulnerability in vberkel Schema App Structured Data schema-app-structured-data-for-schemaorg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Schema App Structured Data: from …
- CVE-2023-4434 | MEDIUM | CVSS 6.1 | EG 5.1 | 2023-08-20
Missing Authorization in GitHub repository hamza417/inure prior to build88.
- CVE-2023-44472 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-05-03
Missing Authorization vulnerability in ThemeFuse Unyson. This issue affects Unyson: from n/a through 2.7.28.