Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-22 | CVE-2023-49791 | Improper Access Control vulnerability in Nextcloud Server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. | 5.4 |
| 2023-12-21 | CVE-2023-50783 | Improper Access Control vulnerability in Apache Airflow Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue | 6.5 |
| 2023-12-19 | CVE-2019-25157 | Improper Access Control vulnerability in Ethex Contracts A vulnerability was found in Ethex Contracts. | 4.3 |
| 2023-12-15 | CVE-2023-48441 | Improper Access Control vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. | 5.3 |
| 2023-12-13 | CVE-2023-6773 | Improper Access Control vulnerability in Codeastro POS and Inventory Management System 1.0 A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. | 8.8 |
| 2023-12-13 | CVE-2023-6761 | Improper Access Control vulnerability in Thecosy Icecms 2.0.1 A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. | 8.8 |
| 2023-12-13 | CVE-2023-6758 | Improper Access Control vulnerability in Thecosy Icecms 2.0.1 A vulnerability was found in Thecosy IceCMS 2.0.1. | 4.3 |
| 2023-12-13 | CVE-2023-47536 | Improper Access Control vulnerability in Fortinet Fortios and Fortiproxy An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update. | 5.3 |
| 2023-12-12 | CVE-2023-42481 | Improper Access Control vulnerability in SAP Commerce Cloud 8.1 In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. | 8.1 |
| 2023-11-28 | CVE-2023-32063 | Improper Access Control vulnerability in Oroinc Client Relationship Management OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. | 5.0 |