Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-01-19 CVE-2017-12113 Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum
An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).
network
high complexity
ethereum CWE-863
8.1
2018-01-19 CVE-2017-12117 Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum
An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).
network
high complexity
ethereum CWE-863
8.1
2018-01-19 CVE-2017-12115 Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum
An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).
network
high complexity
ethereum CWE-863
8.1
2018-01-19 CVE-2017-12114 Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum
An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).
network
high complexity
ethereum CWE-863
6.8
2018-01-19 CVE-2017-12112 Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum
An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).
network
high complexity
ethereum CWE-863
8.1
2018-01-18 CVE-2018-0110 Incorrect Authorization vulnerability in Cisco Webex Meetings Server
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application.
network
low complexity
cisco CWE-863
8.1
2018-01-18 CVE-2018-0096 Incorrect Authorization vulnerability in Cisco Prime Infrastructure 3.2(0.0)/3.3(0.0)
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration.
network
high complexity
cisco CWE-863
5.9
2018-01-12 CVE-2017-16743 Incorrect Authorization vulnerability in Phoenixcontact products
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32.
network
low complexity
phoenixcontact CWE-863
critical
9.8
2018-01-09 CVE-2018-2361 Incorrect Authorization vulnerability in SAP Solution Manager 7.20
In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.
network
low complexity
sap CWE-863
8.8
2018-01-05 CVE-2017-4946 Incorrect Authorization vulnerability in VMWare products
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability.
local
low complexity
vmware CWE-863
7.8