Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-25 | CVE-2023-38503 | Incorrect Authorization vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 6.5 |
| 2023-07-25 | CVE-2023-36826 | Incorrect Authorization vulnerability in Sentry Sentry is an error tracking and performance monitoring platform. | 6.5 |
| 2023-07-24 | CVE-2023-38058 | Incorrect Authorization vulnerability in Otrs An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35. | 4.3 |
| 2023-07-21 | CVE-2023-36339 | Incorrect Authorization vulnerability in Webboss Webboss.Io CMS An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request. | 7.5 |
| 2023-07-20 | CVE-2023-32482 | Incorrect Authorization vulnerability in Dell Wyse Management Suite Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. | 4.9 |
| 2023-07-18 | CVE-2023-34035 | Incorrect Authorization vulnerability in VMWare Spring Security Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC’s DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints | 5.3 |
| 2023-07-18 | CVE-2022-26563 | Incorrect Authorization vulnerability in Tildeslash Monit An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization. | 8.8 |
| 2023-07-17 | CVE-2023-3582 | Incorrect Authorization vulnerability in Mattermost Server Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to, | 4.3 |
| 2023-07-17 | CVE-2023-3584 | Incorrect Authorization vulnerability in Mattermost Server Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme. | 3.1 |
| 2023-07-17 | CVE-2023-3586 | Incorrect Authorization vulnerability in Mattermost Server Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible. | 5.4 |