Vulnerabilities > Improper Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-06-13 CVE-2024-34104 Improper Authorization vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
network
low complexity
adobe CWE-285
8.2
2024-05-01 CVE-2023-47166 A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2.
network
low complexity
CWE-285
8.8
2024-03-12 CVE-2024-21761 Improper Authorization vulnerability in Fortinet Fortiportal
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.
network
low complexity
fortinet CWE-285
4.3
2024-01-12 CVE-2022-4962 Improper Authorization vulnerability in Apolloconfig Apollo 2.0.0/2.0.1
A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic.
network
low complexity
apolloconfig CWE-285
4.3
2024-01-09 CVE-2024-21736 Improper Authorization vulnerability in SAP S/4Hana Finance 107/128
SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks.
network
low complexity
sap CWE-285
6.5
2023-12-29 CVE-2023-52139 Improper Authorization vulnerability in Misskey
Misskey is an open source, decentralized social media platform.
network
low complexity
misskey CWE-285
critical
9.6
2023-12-13 CVE-2023-41673 Improper Authorization vulnerability in Fortinet Fortiadc
An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.
network
low complexity
fortinet CWE-285
5.4
2023-11-03 CVE-2023-5948 Improper Authorization vulnerability in Teamamaze Amaze File Utilities
Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.
local
low complexity
teamamaze CWE-285
5.5
2023-10-25 CVE-2023-42491 Improper Authorization vulnerability in Busbaer Eisbaer Scada
EisBaer Scada - CWE-285: Improper Authorization
network
low complexity
busbaer CWE-285
critical
9.8
2023-10-13 CVE-2023-38220 Improper Authorization vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data.
network
low complexity
adobe CWE-285
7.5