Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2020-05-06 CVE-2020-7921 Incorrect Authorization vulnerability in Mongodb
Improper serialization of internal state in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action.
network
high complexity
mongodb CWE-863
5.3
2020-05-06 CVE-2020-4446 Incorrect Authorization vulnerability in IBM products
IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform sufficient authorization checks.
network
low complexity
ibm CWE-863
4.0
2020-05-06 CVE-2020-2188 Incorrect Authorization vulnerability in Jenkins Amazon EC2
A missing permission check in form-related methods in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allowed users with Overall/Read access to enumerate the credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-863
4.3
2020-05-04 CVE-2020-5343 Incorrect Authorization vulnerability in Dell OS Recovery Image for Microsoft Windows 10
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability.
local
low complexity
dell CWE-863
7.2
2020-05-04 CVE-2020-5333 Incorrect Authorization vulnerability in RSA Archer
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API.
network
low complexity
rsa CWE-863
4.0
2020-04-27 CVE-2020-1807 Incorrect Authorization vulnerability in Huawei Mate 20 Firmware
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E74R3P8) have an improper authorization vulnerability.
local
low complexity
huawei CWE-863
3.6
2020-04-21 CVE-2020-11891 Incorrect Authorization vulnerability in Joomla Joomla!
An issue was discovered in Joomla! before 3.9.17.
network
low complexity
joomla CWE-863
5.0
2020-04-21 CVE-2020-11889 Incorrect Authorization vulnerability in Joomla Joomla!
An issue was discovered in Joomla! before 3.9.17.
network
low complexity
joomla CWE-863
5.0
2020-04-20 CVE-2020-11753 Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.21.1/3.22.0
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0.
network
low complexity
sonatype CWE-863
8.8
2020-04-20 CVE-2020-5293 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product pages with combinations, attachments and specific prices.
network
low complexity
prestashop CWE-863
6.4