Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2023-20269 | Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. | 9.1 |
| 2023-09-06 | CVE-2023-38486 | Incorrect Authorization vulnerability in Arubanetworks Arubaos A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. | 6.4 |
| 2023-09-06 | CVE-2023-27526 | Incorrect Authorization vulnerability in Apache Superset A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. | 4.3 |
| 2023-09-06 | CVE-2023-36387 | Incorrect Authorization vulnerability in Apache Superset An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. | 5.4 |
| 2023-09-05 | CVE-2017-9453 | Incorrect Authorization vulnerability in BMC Server Automation 8.6/8.7 BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. | 9.8 |
| 2023-09-04 | CVE-2023-3814 | Incorrect Authorization vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. | 4.9 |
| 2023-09-04 | CVE-2023-4269 | Incorrect Authorization vulnerability in Solwininfotech User Activity LOG The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses. | 4.3 |
| 2023-08-28 | CVE-2023-34724 | Incorrect Authorization vulnerability in Jaycar La5570 Firmware 1.0.19T53 An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface. | 6.8 |
| 2023-08-24 | CVE-2023-4227 | Incorrect Authorization vulnerability in Moxa Iologik E4200 Firmware 1.6 A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. | 6.5 |
| 2023-08-23 | CVE-2023-3899 | Incorrect Authorization vulnerability in multiple products A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. | 7.8 |