CWE-862 - Missing Authorization

Description

Because of this weakness the software can't determine whether the authorization of the actor, trying to gain access to any data or carry out some actions was correct and acurate or no.
Lack of access control checking let any user to access all resourses and actions they want. It can cause information exposures, denial of service, and arbitrary code execution.
Such weakness gives attackers ability to read and alter sensitive data and also get access to privileged functionality.
The vulnerability is introduced during Architecture and Design, Implementation and Operation stages.

Latest vulnerabilities for CWE-862

Missing authorization in Apache ActiveMQ 2024-05-01
Medium Yes

Multiple vulnerabilities in Oracle Linux 2024-04-17
High Yes

Multiple vulnerabilities in VMware SD-WAN Edge 2024-04-02
High Yes

Multiple vulnerabilities in Anyscale Ray 2024-03-29
High Yes

Multiple vulnerabilities in Google ChromeOS 2024-03-20
Critical Yes

Missing authorization in Apache Pulsar 2024-03-15
Medium Yes

Multiple vulnerabilities in Unbound 2024-02-15
Medium Yes

Multiple vulnerabilities in MediaTek chipsets 2024-02-06
High Yes

Missing authorization in IBM Instana Observability 2024-02-05
Critical Yes

Multiple vulnerabilities in Apache Superset 2024-01-31
Medium Yes

References

Description of CWE-862 on Mitre website