Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-31 | CVE-2018-11142 | Incorrect Authorization vulnerability in Quest Kace System Management Appliance 8.0.318 The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. | 5.5 |
| 2018-05-24 | CVE-2018-1000155 | Incorrect Authorization vulnerability in Opennetworking Openflow OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. | 9.8 |
| 2018-05-17 | CVE-2018-1463 | Incorrect Authorization vulnerability in IBM products IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. | 6.5 |
| 2018-05-17 | CVE-2018-1462 | Incorrect Authorization vulnerability in IBM products IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. | 7.6 |
| 2018-05-11 | CVE-2018-1278 | Incorrect Authorization vulnerability in Pivotal Software Pivotal Application Service Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. | 6.5 |
| 2018-05-11 | CVE-2018-1258 | Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. | 8.8 |
| 2018-05-08 | CVE-2017-2611 | Incorrect Authorization vulnerability in multiple products Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). | 4.3 |
| 2018-05-02 | CVE-2018-0278 | Incorrect Authorization vulnerability in Cisco Secure Firewall Management Center A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. | 6.5 |
| 2018-05-02 | CVE-2018-5520 | Incorrect Authorization vulnerability in F5 products On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. | 4.4 |
| 2018-04-25 | CVE-2018-10212 | Incorrect Authorization vulnerability in Vaultize Enterprise File Sharing 17.05.31 An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. | 5.4 |