Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2024-6358 | Incorrect Authorization vulnerability in Opentext Arcsight Intelligence Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. | 8.8 |
| 2024-08-06 | CVE-2024-6202 | Incorrect Authorization vulnerability in Haloservicesolutions Haloitsm HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. | 9.8 |
| 2024-07-26 | CVE-2024-7062 | Incorrect Authorization vulnerability in Mikekazakov Nimble Commander Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. | 7.8 |
| 2024-07-16 | CVE-2024-5816 | Incorrect Authorization vulnerability in Github Enterprise Server An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. | 5.3 |
| 2024-07-16 | CVE-2024-5817 | Incorrect Authorization vulnerability in Github Enterprise Server An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. | 6.5 |
| 2024-07-02 | CVE-2024-39324 | Incorrect Authorization vulnerability in Aimeos Ai-Admin-Graphql aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. | 3.8 |
| 2024-06-27 | CVE-2024-4011 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives. | 4.3 |
| 2024-06-27 | CVE-2024-6323 | Incorrect Authorization vulnerability in Gitlab Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project. | 7.5 |
| 2024-06-24 | CVE-2024-38369 | Incorrect Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.3 |
| 2024-06-11 | CVE-2024-31402 | Incorrect Authorization vulnerability in Cybozu Garoon Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. | 4.3 |