Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-02 | CVE-2018-0278 | Incorrect Authorization vulnerability in Cisco Secure Firewall Management Center A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. | 6.5 |
| 2018-05-02 | CVE-2018-5520 | Incorrect Authorization vulnerability in F5 products On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. | 4.4 |
| 2018-04-25 | CVE-2018-10212 | Incorrect Authorization vulnerability in Vaultize Enterprise File Sharing 17.05.31 An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. | 5.4 |
| 2018-04-24 | CVE-2017-1700 | Incorrect Authorization vulnerability in IBM products IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. | 6.5 |
| 2018-04-19 | CVE-2018-0269 | Incorrect Authorization vulnerability in Cisco Digital Network Architecture Center 1.1 A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. | 4.3 |
| 2018-04-18 | CVE-2018-7245 | Incorrect Authorization vulnerability in Schneider-Electric 66074 MGE Network Management Card Transverse An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. | 9.1 |
| 2018-04-18 | CVE-2017-12196 | Incorrect Authorization vulnerability in Redhat products undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. | 5.9 |
| 2018-04-11 | CVE-2017-2599 | Incorrect Authorization vulnerability in Jenkins Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. | 5.4 |
| 2018-04-05 | CVE-2018-1000152 | Incorrect Authorization vulnerability in Jenkins Vsphere An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection"). | 6.3 |
| 2018-03-30 | CVE-2017-1766 | Incorrect Authorization vulnerability in IBM Business Process Manager Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. | 4.3 |