Java : Missing authorization

Classification

OWASP Top 10 2017

A5-Broken Access Control

OWASP Top 10 2021

A1-Broken Access Control

OWASP ASVS

Error Handling and Logging Access Control Access Control Access Control Access Control

CWE

CWE-285 CWE-306 CWE-732 CWE-862

CWE/SANS Top 25 2011

CWE-306 CWE-732 CWE-862

CWE/SANS Top 25 2021

CWE-306 CWE-732 CWE-862

Overview

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

When access control checks are not applied, this can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution.

Missing authorization weaknesses may arise when a single-user application is ported to a multi-user environment.

Java : Missing authorization

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Java : Missing authorization in your application?

See also

Java : Race condition

Java : Text4Shell Vulnerability

Java : JNI usage