Vulnerabilities > Improper Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-15 | CVE-2018-14662 | Improper Authorization vulnerability in multiple products It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | 5.7 |
| 2018-10-29 | CVE-2016-10734 | Improper Authorization vulnerability in Projectsend 582 ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php. | 9.8 |
| 2018-09-10 | CVE-2016-7035 | Improper Authorization vulnerability in multiple products An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. | 7.8 |
| 2018-09-10 | CVE-2016-7071 | Improper Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. | 8.8 |
| 2018-08-30 | CVE-2016-0373 | Improper Authorization vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. | 4.3 |
| 2018-08-28 | CVE-2014-6049 | Improper Authorization vulnerability in PHPmyfaq phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. | 2.7 |
| 2018-04-24 | CVE-2013-7245 | Improper Authorization vulnerability in Sybase Adaptive Server Enterprise 15.7 The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859. | 7.5 |
| 2018-03-15 | CVE-2015-7463 | Improper Authorization vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. | 4.3 |
| 2018-03-13 | CVE-2016-9575 | Improper Authorization vulnerability in Freeipa Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. | 6.3 |
| 2017-08-29 | CVE-2015-3656 | Improper Authorization vulnerability in Arubanetworks Clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | 7.2 |