Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2021-11-24 CVE-2021-20835
Improper authorization in the handler for a custom URL scheme in the Android app 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website, and the website launches an arbitrary Activity of the app via the vulnerable app, which may result in the Mercari account's access token being obtained.
network, low complexity, CWE-863, 5.0

2021-11-24 CVE-2021-20841 Incorrect Authorization vulnerability in Ec-Cube
Improper access control in the management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restrictions and alter system settings via unspecified vectors.
network, low complexity, ec-cube CWE-863, 4.0

2021-11-23 CVE-2021-36311 Incorrect Authorization vulnerability in Dell EMC Networker
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability.
local, low complexity, dell CWE-863, 4.6

2021-11-19 CVE-2021-39232 Incorrect Authorization vulnerability in Apache Ozone
In Apache Ozone versions prior to 1.2.0, certain admin-related SCM commands can be executed by any authenticated user, not just by admins.
network, low complexity, apache CWE-863, 6.5

2021-11-19 CVE-2021-39233 Incorrect Authorization vulnerability in Apache Ozone
In Apache Ozone versions prior to 1.2.0, container-related Datanode requests of the Ozone Datanode were not properly authorized and can be called by any client.
network, low complexity, apache CWE-863, 6.4

2021-11-19 CVE-2021-39234 Incorrect Authorization vulnerability in Apache Ozone
In Apache Ozone versions prior to 1.2.0, authenticated users who know the ID of an existing block can craft a specific request that allows access to those blocks, bypassing other security checks such as ACLs.
network, apache CWE-863, 4.9

2021-11-18 CVE-2021-35534 Incorrect Authorization vulnerability in Hitachi products
Insufficient security control vulnerability in the internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600: the product does not sufficiently restrict access to internal database tables, which could allow anybody with user credentials to bypass security controls enforced by the product.
network, low complexity, hitachi CWE-863, critical, 9.0

2021-11-18 CVE-2021-36909 Incorrect Authorization vulnerability in Webfactoryltd WP Reset PRO
Authenticated Database Reset vulnerability in the WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization.
network, low complexity, webfactoryltd CWE-863, 5.5

2021-11-17 CVE-2021-0110 Incorrect Authorization vulnerability in Intel Thunderbolt DCH Driver
Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow an unauthenticated user to potentially enable denial of service via local access.
local, low complexity, intel CWE-863, 2.1

2021-11-17 CVE-2021-0151 Incorrect Authorization vulnerability in Intel products
Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
local, low complexity, intel CWE-863, 4.6