Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-04 | CVE-2020-5333 | Incorrect Authorization vulnerability in RSA Archer RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. | 4.3 |
| 2020-04-29 | CVE-2020-12477 | Incorrect Authorization vulnerability in Teampass 2.1.27.36 The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | 7.5 |
| 2020-04-21 | CVE-2020-10786 | Incorrect Authorization vulnerability in Vestacp Vesta Control Panel A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs. | 8.8 |
| 2020-04-20 | CVE-2020-11753 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.21.1/3.22.0 An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. | 8.8 |
| 2020-04-20 | CVE-2020-5293 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. | 6.5 |
| 2020-04-20 | CVE-2020-5288 | Incorrect Authorization vulnerability in Prestashop "In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. | 6.5 |
| 2020-04-20 | CVE-2020-5287 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. | 6.5 |
| 2020-04-20 | CVE-2020-5279 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. | 6.5 |
| 2020-04-15 | CVE-2020-0981 | Incorrect Authorization vulnerability in Microsoft Windows 10 and Windows Server 2016 A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'. | 8.8 |
| 2020-04-14 | CVE-2020-6214 | Incorrect Authorization vulnerability in SAP S/4Hana 100 SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. | 4.7 |