Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-14 | CVE-2020-6307 | Incorrect Authorization vulnerability in SAP Basis. Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. | 4.3 |
2020-01-10 | CVE-2012-3821 | Incorrect Authorization vulnerability in Arialsoftware Campaign Enterprise 11.0.551. A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. | 4.3 |
2020-01-10 | CVE-2012-3822 | Incorrect Authorization vulnerability in Arialsoftware Campaign Enterprise 11.0.551. Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | 7.5 |
2020-01-08 | CVE-2019-17014 | Incorrect Authorization vulnerability in Mozilla Firefox. If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. | 7.4 |
2020-01-08 | CVE-2016-6591 | Incorrect Authorization vulnerability in Symantec Norton APP Lock 1.0.3.186. A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | 7.1 |
2020-01-07 | CVE-2019-14843 | Incorrect Authorization vulnerability in Redhat products. A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. | 8.8 |
2020-01-06 | CVE-2019-6855 | Incorrect Authorization vulnerability in Schneider-Electric products. Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. | 7.3 |
2020-01-02 | CVE-2014-0169 | Incorrect Authorization vulnerability in Redhat Jboss Enterprise Application Platform 6.0.0. In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. | 6.5 |
2020-01-02 | CVE-2010-3782 | Incorrect Authorization vulnerability in multiple products. obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation. | 8.8 |
2020-01-02 | CVE-2019-20213 | Incorrect Authorization vulnerability in Dlink products. D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | 7.5 |