Show CWE-862: Missing Authorization

	Topic	Date	Author
Med.	SAP Solution Manager 7.2 Missing Authorization	15.06.2021	Pablo Artuso
Med.	URVE Software Build 24.03.2020 Missing Authorization	30.12.2020	Erik Steltzner
Low	1CRM 8.6.7 Insecure Direct Object Reference	17.09.2020	Andreas Sperber
Med.	WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability	21.06.2018	KingSkrupellos
High	Lenovo ShareIT Information Disclosure / Hardcoded Password	26.01.2016	CoreLabs
High	SAP Afaria 7 Missing Authorization Check	19.06.2015	Vahagn Vardanyan

CVEMAP Search Results

CVE

Details

Description

2021-07-14

Medium	CVE-2021-33671	Vendor: SAP Software: Netweaver gu...	SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data.
Medium	CVE-2021-33676	Vendor: SAP Software: Customer rel...	A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
Low	CVE-2021-20747	Vendor: Retty Software: Retty	Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Medium	CVE-2021-0597	Vendor: Google Software: Android	In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502

2021-07-12

Medium

CVE-2020-19038

Vendor: HALO
Software: HALO

File Deletion vulnerability in Halo 0.4.3 via delBackup.

2021-07-08

Medium

CVE-2020-18741

Vendor: Thinksaas
Software: Thinksaas

Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."

2021-06-30

Low	CVE-2021-21676	Vendor: Jenkins Software: Requests	Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.
Low	CVE-2021-21674	Vendor: Jenkins Software: Requests	A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.

2021-06-24

Low

CVE-2021-29959

Vendor: Mozilla
Software: Firefox

When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89.

2021-06-22

Medium

CVE-2021-0547

Vendor: Google
Software: Android

In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048

15.06.2021

30.12.2020

17.09.2020

21.06.2018

26.01.2016

19.06.2015