Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-27 | CVE-2023-22251 | Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. | 4.3 |
| 2023-03-27 | CVE-2023-25017 | RIFARTEK IOT Wall has a vulnerability of incorrect authorization. | 8.1 |
| 2023-03-23 | CVE-2023-23192 | Incorrect Authorization vulnerability in Isdecisions Userlock 11.0.1 IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task. | 7.2 |
| 2023-03-22 | CVE-2023-25594 | Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. | 8.8 |
| 2023-03-22 | CVE-2023-25924 | Incorrect Authorization vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. | 8.8 |
| 2023-03-21 | CVE-2022-45636 | Incorrect Authorization vulnerability in Megafeis Bofei Dbd+ 1.4.3/1.4.4 An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests. | 8.1 |
| 2023-03-21 | CVE-2023-25923 | Incorrect Authorization vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. | 7.5 |
| 2023-03-20 | CVE-2023-27578 | Incorrect Authorization vulnerability in Galaxyproject Galaxy Galaxy is an open-source platform for data analysis. | 7.5 |
| 2023-03-20 | CVE-2023-0940 | Incorrect Authorization vulnerability in Metagauss Profilegrid The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. | 8.8 |
| 2023-03-17 | CVE-2023-27594 | Incorrect Authorization vulnerability in Cilium Cilium is a networking, observability, and security solution with an eBPF-based dataplane. | 7.3 |