Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2021-11-18 CVE-2021-36909 Missing Authorization vulnerability in Webfactoryltd WP Reset PRO
Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization.
network
low complexity
webfactoryltd CWE-862
8.1
2021-11-17 CVE-2021-24851 Missing Authorization vulnerability in Insert Pages Project Insert Pages
The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (i.e. private), using a shortcode.
network
low complexity
insert-pages-project CWE-862
4.0
2021-11-10 CVE-2021-40501 Missing Authorization vulnerability in SAP Abap Platform Kernel
SAP ABAP Platform Kernel, versions 7.77, 7.81, 7.85 and 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
5.5
2021-11-10 CVE-2021-40502 Missing Authorization vulnerability in SAP Commerce
SAP Commerce, versions 2105.3, 2011.13, 2005.18 and 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2021-11-10 CVE-2021-42062 Missing Authorization vulnerability in SAP ERP Human Capital Management 600/604/608
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area.
network
low complexity
sap CWE-862
4.0
2021-11-05 CVE-2021-42359 Missing Authorization vulnerability in Legalweb WP Dsgvo Tools 3.1.21/3.1.22/3.1.23
WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, 'admin-dismiss-unsubscribe', which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests.
network
low complexity
legalweb CWE-862
6.4
2021-11-04 CVE-2021-21685 Missing Authorization vulnerability in Jenkins
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.
network
low complexity
jenkins CWE-862
critical
9.1
2021-11-04 CVE-2021-21687 Missing Authorization vulnerability in Jenkins
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
network
low complexity
jenkins CWE-862
critical
9.1
2021-11-04 CVE-2021-21688 Missing Authorization vulnerability in Jenkins
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).
network
low complexity
jenkins CWE-862
7.5
2021-11-04 CVE-2021-21694 Missing Authorization vulnerability in Jenkins
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
network
low complexity
jenkins CWE-862
critical
9.8