Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-01-04 CVE-2018-0803 Incorrect Authorization vulnerability in Microsoft Edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability".
network
high complexity
microsoft CWE-863
4.2
2017-11-30 CVE-2017-17067 Incorrect Authorization vulnerability in Splunk
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.
network
low complexity
splunk CWE-863
critical
9.8
2017-11-27 CVE-2017-1628 Incorrect Authorization vulnerability in IBM Business Process Manager 8.6.0.0
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.
network
low complexity
ibm CWE-863
6.5
2017-11-22 CVE-2017-8216 Incorrect Authorization vulnerability in Huawei P10 Lite Firmware Warsawal00C00B180
Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability.
local
low complexity
huawei CWE-863
5.5
2017-11-22 CVE-2017-8196 Incorrect Authorization vulnerability in Huawei Fusionsphere V100R006C00Spc102(Nfv)
FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability.
local
low complexity
huawei CWE-863
4.2
2017-11-22 CVE-2017-8192 Incorrect Authorization vulnerability in Huawei Fusionsphere Openstack V100R006C00
FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability.
local
low complexity
huawei CWE-863
7.8
2017-11-14 CVE-2017-3891 Incorrect Authorization vulnerability in Blackberry QNX Software Development Platform 6.6.0
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.
network
high complexity
blackberry CWE-863
8.1
2017-11-02 CVE-2017-12261 Incorrect Authorization vulnerability in Cisco products
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges.
local
low complexity
cisco CWE-863
7.8
2017-10-27 CVE-2017-5060 Incorrect Authorization vulnerability in multiple products
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
network
low complexity
google redhat CWE-863
6.5
2017-10-19 CVE-2017-10379 Incorrect Authorization vulnerability in multiple products
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs).
network
low complexity
oracle mariadb debian redhat netapp CWE-863
6.5