CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,466 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 30 of 170
- CVE-2022-38512MEDIUMCVSS 6.5EG 6.52022-09-22
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web c…
- CVE-2022-38651CRITICALCVSS 9.8EG 9.82022-11-12
A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerabi…
- CVE-2022-38669HIGHCVSS 7.8EG 7.82022-10-14
In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
- CVE-2022-38670HIGHCVSS 7.8EG 7.82022-10-14
In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
- CVE-2022-38677MEDIUMCVSS 5.5EG 5.52022-10-14
In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed.
- CVE-2022-38678MEDIUMCVSS 5.5EG 5.52023-01-04
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-38679MEDIUMCVSS 5.5EG 5.52022-10-14
In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed.
- CVE-2022-38682MEDIUMCVSS 5.5EG 5.52023-01-04
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-38683MEDIUMCVSS 5.5EG 5.52023-01-04
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-38684MEDIUMCVSS 5.5EG 5.52023-01-04
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-38685MEDIUMCVSS 5.5EG 5.52023-05-09
In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed.
- CVE-2022-38687MEDIUMCVSS 5.5EG 5.52022-10-14
In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed.
- CVE-2022-38688MEDIUMCVSS 5.5EG 5.52022-10-14
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2022-38689MEDIUMCVSS 5.5EG 5.52022-10-14
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2022-38697MEDIUMCVSS 5.5EG 5.52022-10-14
In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed.
- CVE-2022-38698HIGHCVSS 7.8EG 7.82022-10-14
In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
- CVE-2022-39080HIGHCVSS 7.8EG 7.82022-10-14
In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
- CVE-2022-39081MEDIUMCVSS 6.7EG 6.72023-01-04
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
- CVE-2022-39082MEDIUMCVSS 6.7EG 6.72023-01-04
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
- CVE-2022-39083MEDIUMCVSS 6.7EG 6.72023-01-04
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
- CVE-2022-39084MEDIUMCVSS 6.7EG 6.72023-01-04
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
- CVE-2022-39085MEDIUMCVSS 6.7EG 6.72023-01-04
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
- CVE-2022-39086MEDIUMCVSS 6.7EG 6.72023-01-04
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
- CVE-2022-39087MEDIUMCVSS 6.7EG 6.72023-01-04
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
- CVE-2022-39088MEDIUMCVSS 6.7EG 6.72023-01-04
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
- CVE-2022-39090HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39091HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39092HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39093HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39094HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39095HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39096HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39097HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39098HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39099HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39100HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39101HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39102HIGHCVSS 7.8EG 7.82022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-39103MEDIUMCVSS 5.5EG 5.52022-10-14
In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed.
- CVE-2022-39104MEDIUMCVSS 5.5EG 5.52023-01-04
In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.
- CVE-2022-39107HIGHCVSS 7.8EG 7.82022-10-14
In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed.
- CVE-2022-39108HIGHCVSS 7.8EG 7.82022-10-14
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.
- CVE-2022-39109HIGHCVSS 7.8EG 7.82022-10-14
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.
- CVE-2022-3911HIGHCVSS 8.8EG 8.82023-01-02
The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users…
- CVE-2022-39110HIGHCVSS 7.8EG 7.82022-10-14
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.
- CVE-2022-39111HIGHCVSS 7.8EG 7.82022-10-14
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.
- CVE-2022-39112MEDIUMCVSS 5.5EG 5.52022-10-14
In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.
- CVE-2022-39113MEDIUMCVSS 5.5EG 5.52022-10-14
In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.
- CVE-2022-39114MEDIUMCVSS 5.5EG 5.52022-10-14
In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.
- CVE-2022-39115MEDIUMCVSS 5.5EG 5.52022-10-14
In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →