Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-07-24 CVE-2018-11047 Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry UAA
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token.
network
low complexity
pivotal-software CWE-863
7.5
2018-07-24 CVE-2017-3183 Incorrect Authorization vulnerability in Sage XRT Treasury 3.0
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.
network
low complexity
sage CWE-863
8.8
2018-07-23 CVE-2018-1999004 Incorrect Authorization vulnerability in multiple products
An improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches and abort in-progress agent launches.
network
low complexity
jenkins oracle CWE-863
4.3
2018-07-23 CVE-2018-1999003 Incorrect Authorization vulnerability in multiple products
An improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.
network
low complexity
jenkins oracle CWE-863
4.3
2018-07-13 CVE-2018-1245 Incorrect Authorization vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contain an authorization bypass vulnerability within the workflow architect component (ACM).
network
low complexity
emc CWE-863
8.8
2018-07-06 CVE-2018-13109 Incorrect Authorization vulnerability in Adbglobal products
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP).
network
low complexity
adbglobal CWE-863
7.5
2018-07-05 CVE-2018-12103 Incorrect Authorization vulnerability in multiple products
An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions).
low complexity
dlink d-link CWE-863
6.5
2018-07-05 CVE-2017-16773 Incorrect Authorization vulnerability in Synology Universal Search
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.
network
low complexity
synology CWE-863
8.8
2018-06-21 CVE-2018-0337 Incorrect Authorization vulnerability in Cisco Nx-Os
A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device.
local
low complexity
cisco CWE-863
7.8
2018-06-14 CVE-2018-8927 Incorrect Authorization vulnerability in Synology Calendar
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
network
low complexity
synology CWE-863
6.5