Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2017-08-14 CVE-2017-9653 Incorrect Authorization vulnerability in Osisoft products
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017.
network
low complexity
osisoft CWE-863
critical
9.8
2017-08-10 CVE-2016-6797 Incorrect Authorization vulnerability in multiple products
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.
network
low complexity
apache oracle debian netapp canonical redhat CWE-863
7.5
2017-08-08 CVE-2017-8633 Incorrect Authorization vulnerability in Microsoft products
Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability".
network
high complexity
microsoft CWE-863
7.5
2017-07-25 CVE-2017-6672 Incorrect Authorization vulnerability in Cisco ASR 5000 Series Software
A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device.
network
low complexity
cisco CWE-863
7.5
2017-07-07 CVE-2017-7512 Incorrect Authorization vulnerability in Redhat 3Scale API Management Platform
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret.
network
low complexity
redhat CWE-863
critical
9.8
2017-07-04 CVE-2017-10805 Incorrect Authorization vulnerability in Odoo 10.0/8.0/9.0
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.
network
low complexity
odoo CWE-863
8.8
2017-06-14 CVE-2017-8907 Incorrect Authorization vulnerability in Atlassian Bamboo
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so.
network
low complexity
atlassian CWE-863
8.8
2017-06-02 CVE-2017-9378 Incorrect Authorization vulnerability in Bigtreecms Bigtree CMS
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account.
network
low complexity
bigtreecms CWE-863
6.5
2017-05-30 CVE-2017-2306 Incorrect Authorization vulnerability in Juniper Junos Space
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
network
low complexity
juniper CWE-863
8.8
2017-05-30 CVE-2017-2305 Incorrect Authorization vulnerability in Juniper Junos Space
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.
network
low complexity
juniper CWE-863
8.8