Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2017-08-08 CVE-2017-8633 Incorrect Authorization vulnerability in Microsoft products
Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability".
network
microsoft CWE-863
8.5
2017-07-25 CVE-2017-6672 Incorrect Authorization vulnerability in Cisco ASR 5000 Series Software
A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device.
network
low complexity
cisco CWE-863
5.0
2017-07-07 CVE-2017-7512 Incorrect Authorization vulnerability in Redhat 3Scale API Management Platform
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret.
network
low complexity
redhat CWE-863
7.5
2017-07-04 CVE-2017-10805 Incorrect Authorization vulnerability in Odoo 10.0/8.0/9.0
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.
network
low complexity
odoo CWE-863
6.5
2017-06-14 CVE-2017-8907 Incorrect Authorization vulnerability in Atlassian Bamboo
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so.
network
low complexity
atlassian CWE-863
6.5
2017-06-02 CVE-2017-9378 Incorrect Authorization vulnerability in Bigtreecms Bigtree CMS
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account.
network
low complexity
bigtreecms CWE-863
4.0
2017-05-30 CVE-2017-2306 Incorrect Authorization vulnerability in Juniper Junos Space
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
network
low complexity
juniper CWE-863
6.5
2017-05-30 CVE-2017-2305 Incorrect Authorization vulnerability in Juniper Junos Space
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.
network
low complexity
juniper CWE-863
6.5
2017-05-22 CVE-2017-4915 Incorrect Authorization vulnerability in VMWare Workstation Player and Workstation PRO
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files.
local
low complexity
vmware linux CWE-863
7.2
2017-05-08 CVE-2017-0894 Incorrect Authorization vulnerability in Nextcloud Server
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error.
network
nextcloud CWE-863
4.3