Vulnerabilities > Incorrect Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-03-27 | CVE-2023-22251 | Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. | | network, low complexity, CWE-863, 4.3 |
| 2023-03-27 | CVE-2023-25017 | RIFARTEK IOT Wall has a vulnerability of incorrect authorization. | | network, low complexity, CWE-863, 8.1 |
| 2023-03-23 | CVE-2023-23192 | Incorrect Authorization vulnerability in Isdecisions Userlock 11.0.1 | IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task. | network, low complexity, isdecisions, CWE-863, 7.2 |
| 2023-03-22 | CVE-2023-25594 | Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager | A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. | network, low complexity, arubanetworks, CWE-863, 8.8 |
| 2023-03-22 | CVE-2023-25924 | Incorrect Authorization vulnerability in IBM Security KEY Lifecycle Manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. | network, low complexity, ibm, CWE-863, 8.8 |
| 2023-03-21 | CVE-2022-45636 | Incorrect Authorization vulnerability in Megafeis Bofei Dbd+ 1.4.3/1.4.4 | An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests. | low complexity, megafeis, CWE-863, 8.1 |
| 2023-03-21 | CVE-2023-25923 | Incorrect Authorization vulnerability in IBM Security KEY Lifecycle Manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. | network, low complexity, ibm, CWE-863, 7.5 |
| 2023-03-20 | CVE-2023-27578 | Incorrect Authorization vulnerability in Galaxyproject Galaxy | Galaxy is an open-source platform for data analysis. | network, low complexity, galaxyproject, CWE-863, 7.5 |
| 2023-03-20 | CVE-2023-0940 | Incorrect Authorization vulnerability in Metagauss Profilegrid | The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. | network, low complexity, metagauss, CWE-863, 8.8 |
| 2023-03-17 | CVE-2023-27594 | Incorrect Authorization vulnerability in Cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. | network, low complexity, cilium, CWE-863, 7.3 |