Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-13 | CVE-2018-1245 | Incorrect Authorization vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0 RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). | 8.8 |
| 2018-07-06 | CVE-2018-13109 | Incorrect Authorization vulnerability in Adbglobal products All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). | 7.5 |
| 2018-07-05 | CVE-2018-12103 | Incorrect Authorization vulnerability in multiple products An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). | 6.5 |
| 2018-07-05 | CVE-2017-16773 | Incorrect Authorization vulnerability in Synology Universal Search Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | 8.8 |
| 2018-06-21 | CVE-2018-0337 | Incorrect Authorization vulnerability in Cisco Nx-Os A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. | 7.8 |
| 2018-06-14 | CVE-2018-8927 | Incorrect Authorization vulnerability in Synology Calendar Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. | 6.5 |
| 2018-06-13 | CVE-2017-15695 | Incorrect Authorization vulnerability in Apache Geode When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. | 8.8 |
| 2018-06-07 | CVE-2018-0338 | Incorrect Authorization vulnerability in Cisco Unified Computing System A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. | 7.8 |
| 2018-06-05 | CVE-2018-1000197 | Incorrect Authorization vulnerability in Jenkins Black Duck HUB An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration. | 8.1 |
| 2018-05-31 | CVE-2018-11142 | Incorrect Authorization vulnerability in Quest Kace System Management Appliance 8.0.318 The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. | 5.5 |