CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,466 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 24 of 170
- CVE-2022-20182MEDIUMCVSS 4.4EG 4.42022-06-15
In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interact…
- CVE-2022-20200MEDIUMCVSS 5.5EG 5.52022-06-15
In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not ne…
- CVE-2022-20204HIGHCVSS 7.8EG 7.82022-06-15
In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution…
- CVE-2022-20206MEDIUMCVSS 5.5EG 5.52022-06-15
In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User inter…
- CVE-2022-20225MEDIUMCVSS 5.5EG 5.52022-07-13
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed…
- CVE-2022-20240LOWCVSS 2.3EG 2.32022-12-13
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User in…
- CVE-2022-20255MEDIUMCVSS 4.4EG 4.42022-08-12
In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…
- CVE-2022-20259MEDIUMCVSS 5.5EG 5.52022-08-12
In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Prod…
- CVE-2022-20261LOWCVSS 2.3EG 2.32022-08-12
In LocationManager, there is a possible way to get location information due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploita…
- CVE-2022-20262LOWCVSS 3.3EG 3.32022-08-12
In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed fo…
- CVE-2022-20263MEDIUMCVSS 5.5EG 5.52022-08-12
In ActivityManager, there is a way to read process state for other users due to a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed …
- CVE-2022-20267LOWCVSS 3.3EG 3.32022-08-12
In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interactio…
- CVE-2022-20274HIGHCVSS 7.8EG 7.82022-08-12
In Keyguard, there is a missing permission check. This could lead to local escalation of privilege and prevention of screen timeout with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers…
- CVE-2022-20281HIGHCVSS 7.8EG 7.82022-08-12
In Core, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploit…
- CVE-2022-20282HIGHCVSS 7.8EG 7.82022-08-12
In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed f…
- CVE-2022-20284MEDIUMCVSS 5.5EG 5.52022-08-12
In Telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of phone accounts with User execution privileges needed. User interaction is not needed for exploit…
- CVE-2022-20294MEDIUMCVSS 5.5EG 5.52022-08-12
In Content, there is a possible way to learn about an account present on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed fo…
- CVE-2022-20295MEDIUMCVSS 5.5EG 5.52022-08-12
In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed…
- CVE-2022-20296MEDIUMCVSS 5.5EG 5.52022-08-12
In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed…
- CVE-2022-20298MEDIUMCVSS 5.5EG 5.52022-08-12
In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed…
- CVE-2022-20299MEDIUMCVSS 5.5EG 5.52022-08-12
In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not…
- CVE-2022-20300MEDIUMCVSS 5.5EG 5.52022-08-12
In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed…
- CVE-2022-20301MEDIUMCVSS 5.5EG 5.52022-08-12
In Content, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for ex…
- CVE-2022-20303MEDIUMCVSS 5.5EG 5.52022-08-12
In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed…
- CVE-2022-20305LOWCVSS 3.3EG 3.32022-08-12
In ContentService, there is a possible disclosure of available account types due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for explo…
- CVE-2022-20310LOWCVSS 3.3EG 3.32022-08-12
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed …
- CVE-2022-20311LOWCVSS 3.3EG 3.32022-08-12
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed …
- CVE-2022-20312MEDIUMCVSS 5.5EG 5.52022-08-12
In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check. This could lead to local information disclosure without additional execution privileges needed. User interaction is …
- CVE-2022-20315LOWCVSS 3.3EG 3.32022-08-12
In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for …
- CVE-2022-20321LOWCVSS 3.3EG 3.32022-08-12
In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.…
- CVE-2022-20322MEDIUMCVSS 5.5EG 5.52022-08-12
In PackageManager, there is a possible installed package disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for explo…
- CVE-2022-20323MEDIUMCVSS 5.5EG 5.52022-08-12
In PackageManager, there is a possible package installation disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitatio…
- CVE-2022-20326MEDIUMCVSS 5.5EG 5.52022-08-12
In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Produ…
- CVE-2022-20327LOWCVSS 2.8EG 2.82022-08-12
In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed f…
- CVE-2022-20328LOWCVSS 3.3EG 3.32022-08-12
In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not …
- CVE-2022-20329HIGHCVSS 7.8EG 7.82022-08-12
In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl…
- CVE-2022-20330LOWCVSS 3.5EG 3.52022-08-12
In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interac…
- CVE-2022-20335LOWCVSS 3.3EG 3.32022-08-12
In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. …
- CVE-2022-20336LOWCVSS 3.3EG 3.32022-08-12
In Settings, there is a possible installed application disclosure due to a missing permission check. This could lead to local information disclosure of applications allow-listed to use the network during VPN lockdown mode with no additiona…
- CVE-2022-2034MEDIUMCVSS 5.3EG 5.32022-08-29
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
- CVE-2022-20340LOWCVSS 3.3EG 3.32022-08-12
In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User …
- CVE-2022-20341MEDIUMCVSS 5.5EG 5.52022-08-12
In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution privileges needed. User inter…
- CVE-2022-20348HIGHCVSS 7.8EG 7.82022-08-10
In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileg…
- CVE-2022-20349HIGHCVSS 7.8EG 7.82022-08-10
In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution pr…
- CVE-2022-20352MEDIUMCVSS 5.5EG 5.52022-08-10
In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additiona…
- CVE-2022-20358LOWCVSS 3.3EG 3.32022-08-10
In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges ne…
- CVE-2022-20360HIGHCVSS 7.8EG 7.82022-08-10
In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed f…
- CVE-2022-20394MEDIUMCVSS 5.0EG 5.02022-10-11
In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no addi…
- CVE-2022-20396MEDIUMCVSS 5.5EG 5.52022-09-13
In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execut…
- CVE-2022-20430HIGHCVSS 7.8EG 7.82022-10-11
There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221233
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →