Vulnerabilities > Incorrect Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-12-12 | CVE-2023-36646 | Incorrect Authorization vulnerability in Prolion Cryptospike 3.0.15 | Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation. | network | low complexity | prolion | CWE-863 | 8.8 |
| 2023-12-10 | CVE-2023-50457 | Incorrect Authorization vulnerability in Zammad 6.1.0/6.2.0 | An issue was discovered in Zammad before 6.2.0. | network | low complexity | zammad | CWE-863 | 4.3 |
| 2023-12-06 | CVE-2023-48859 | Incorrect Authorization vulnerability in Totolink A3002Ru Firmware 2.0.0B20190902.1958 | TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. | network | low complexity | totolink | CWE-863 | 8.8 |
| 2023-12-06 | CVE-2023-49239 | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos | Unauthorized access vulnerability in the card management module. | network | low complexity | huawei | CWE-863 | 7.5 |
| 2023-12-06 | CVE-2023-49240 | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos | Unauthorized access vulnerability in the launcher module. | network | low complexity | huawei | CWE-863 | 7.5 |
| 2023-12-05 | CVE-2023-33071 | Incorrect Authorization vulnerability in Qualcomm products | Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities. | local | low complexity | qualcomm | CWE-863 | 7.8 |
| 2023-12-05 | CVE-2023-42569 | Incorrect Authorization vulnerability in Samsung Android 11.0/13.0 | Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. | local | low complexity | samsung | CWE-863 | 3.3 |
| 2023-12-05 | CVE-2023-42575 | Incorrect Authorization vulnerability in Samsung Pass 4.0.05.1/4.2.03.1 | Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. | | low complexity | samsung | CWE-863 | 6.8 |
| 2023-12-03 | CVE-2023-49947 | Incorrect Authorization vulnerability in Forgejo | Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication. | network | low complexity | forgejo | CWE-863 | 7.5 |
| 2023-12-01 | CVE-2023-42006 | Incorrect Authorization vulnerability in IBM I | IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. | local | low complexity | ibm | CWE-863 | 5.5 |