Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2018-19496 Improper Access Control vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1.
network
low complexity
gitlab CWE-284
6.5
2019-07-10 CVE-2018-19494 Improper Access Control vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1.
network
low complexity
gitlab CWE-284
4.3
2019-07-09 CVE-2018-14833 Improper Access Control vulnerability in Intuit Lacerte
Intuit Lacerte 2017 has Incorrect Access Control.
network
high complexity
intuit CWE-284
5.9
2019-07-03 CVE-2018-14859 Improper Access Control vulnerability in Odoo 10.0/11.0/9.0
Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token.
network
low complexity
odoo CWE-284
8.1
2019-07-03 CVE-2018-14864 Improper Access Control vulnerability in Odoo 10.0/8.0/9.0
Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment.
network
low complexity
odoo CWE-284
6.5
2019-07-03 CVE-2018-14863 Improper Access Control vulnerability in Odoo 10.0/11.0/9.0
Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.
network
low complexity
odoo CWE-284
8.1
2019-06-28 CVE-2019-13028 Improper Access Control vulnerability in Minv Electronic Identification Cards Client
An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page.
network
low complexity
minv CWE-284
8.8
2019-06-28 CVE-2018-14885 Improper Access Control vulnerability in Odoo 10.0/11.0
Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password.
network
low complexity
odoo CWE-284
critical
9.8
2019-06-28 CVE-2018-14867 Improper Access Control vulnerability in Odoo 10.0/9.0
Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters.
network
low complexity
odoo CWE-284
5.3
2019-06-20 CVE-2018-16553 Improper Access Control vulnerability in Jspxcms 9.0.0
In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin.
network
low complexity
jspxcms CWE-284
7.2