Vulnerabilities > Improper Authorization

DATE CVE VULNERABILITY TITLE RISK
2021-07-19 CVE-2021-35964 Improper Authorization vulnerability in Learningdigital Orca HCM
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute management functions without logging in, access members’ information, and modify and delete courses in the system, preventing users from accessing the learning content.
network | low complexity | learningdigital | CWE-285 | 7.5
2021-07-07 CVE-2021-32523 Improper Authorization vulnerability in Qsan Storage Manager
Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands.
network | low complexity | qsan | CWE-285 | 6.5
2021-06-28 CVE-2021-28563 Improper Authorization vulnerability in Magento
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint.
network | low complexity | magento | CWE-285 | 6.4
2021-06-07 CVE-2020-25716 Improper Authorization vulnerability in Redhat Cloudforms
A flaw was found in Cloudforms.
network | low complexity | redhat | CWE-285 | 5.5
2021-06-07 CVE-2020-1690 Improper Authorization vulnerability in Redhat Openstack-Selinux and Openstack Platform
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation.
local | low complexity | redhat | CWE-285 | 4.9
2021-05-28 CVE-2021-32619 Improper Authorization vulnerability in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust.
network | low complexity | deno | CWE-285 | 7.5
2021-05-28 CVE-2021-32620 Improper Authorization vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network | low complexity | xwiki | CWE-285 | 4.0
2021-05-27 CVE-2020-10716 Improper Authorization vulnerability in multiple products
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view.
network | low complexity | redhat, theforeman | CWE-285 | 4.0
2021-05-14 CVE-2021-24188 Improper Authorization vulnerability in Wp-Buy WP Content Copy Protection & NO Right Click
Low-privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5 to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugins from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
network | low complexity | wp-buy | CWE-285 | 6.5
2021-05-14 CVE-2021-24190 Improper Authorization vulnerability in Wp-Buy Conditional Marketing Mailer
Low-privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2 to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugins from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
network | low complexity | wp-buy | CWE-285 | 6.5