Vulnerabilities > Improper Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-09-10 CVE-2016-7071 Improper Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users.
network
low complexity
redhat CWE-285
8.8
2018-08-30 CVE-2016-0373 Improper Authorization vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data.
network
low complexity
ibm CWE-285
4.3
2018-08-28 CVE-2014-6049 Improper Authorization vulnerability in PHPmyfaq
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
network
low complexity
phpmyfaq CWE-285
2.7
2018-04-24 CVE-2013-7245 Improper Authorization vulnerability in Sybase Adaptive Server Enterprise 15.7
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.
network
low complexity
sybase CWE-285
7.5
2018-03-15 CVE-2015-7463 Improper Authorization vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks.
network
low complexity
ibm CWE-285
4.3
2018-03-13 CVE-2016-9575 Improper Authorization vulnerability in Freeipa
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command.
network
low complexity
freeipa CWE-285
6.3
2017-08-29 CVE-2015-3656 Improper Authorization vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.
network
low complexity
arubanetworks CWE-285
7.2
2017-06-16 CVE-2016-1000219 Improper Authorization vulnerability in Elastic Kibana
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files.
network
low complexity
elastic CWE-285
7.5
2017-06-06 CVE-2014-9950 Improper Authorization vulnerability in Google Android
In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
local
low complexity
google CWE-285
7.8
2017-06-06 CVE-2014-9945 Improper Authorization vulnerability in Google Android
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
local
low complexity
google CWE-285
7.8