Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2023-09-05 CVE-2017-9453 Incorrect Authorization vulnerability in BMC Server Automation 8.6/8.7
BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
Risk: network, low complexity, bmc, CWE-863, critical 9.8

2023-09-04 CVE-2023-3814 Incorrect Authorization vulnerability in Advancedfilemanager Advanced File Manager
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.
Risk: network, low complexity, advancedfilemanager, CWE-863, 4.9

2023-09-04 CVE-2023-4269 Incorrect Authorization vulnerability in Solwininfotech User Activity LOG
The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated user, such as a subscriber, to perform such action and retrieve PII such as email addresses.
Risk: network, low complexity, solwininfotech, CWE-863, 4.3

2023-08-28 CVE-2023-34724 Incorrect Authorization vulnerability in Jaycar La5570 Firmware 1.0.19T53
An issue in TECHView LA5570 Wireless Gateway 1.0.19_T53 allows physical attackers to gain escalated privileges via the UART interface.
Risk: low complexity, jaycar, CWE-863, 6.8

2023-08-24 CVE-2023-4227 Incorrect Authorization vulnerability in Moxa Iologik E4200 Firmware 1.6
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product.
Risk: network, low complexity, moxa, CWE-863, 6.5

2023-08-23 CVE-2023-3899 Incorrect Authorization vulnerability in multiple products
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization.
Risk: local, low complexity, redhat fedoraproject, CWE-863, 7.8

2023-08-22 CVE-2022-48538 Incorrect Authorization vulnerability in Cacti 1.2.19
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
Risk: network, low complexity, cacti, CWE-863, 5.3

2023-08-21 CVE-2023-38035 Incorrect Authorization vulnerability in Ivanti Mobileiron Sentry 9.18.0
A security vulnerability in the MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Risk: network, low complexity, ivanti, CWE-863, critical 9.8

2023-08-17 CVE-2023-25647 Incorrect Authorization vulnerability in ZTE products
There is a permission and access control vulnerability in some ZTE mobile phones.
Risk: local, low complexity, zte, CWE-863, 3.3

2023-08-14 CVE-2023-32748 Incorrect Authorization vulnerability in Mitel Mivoice Connect
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
Risk: network, low complexity, mitel, CWE-863, critical 9.8