Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-50310 Incorrect Authorization vulnerability in Siemens Simatic CP 1543-1 Firmware
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50).
network
low complexity
siemens CWE-863
7.5
2024-11-09 CVE-2024-42000 Incorrect Authorization vulnerability in Mattermost Server
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels, which allows a User or System Manager, with "Read Groups" permission but with no access for channels, to retrieve details about private channels that they were not a member of by sending a request to /api/v4/channels.
network
low complexity
mattermost CWE-863
4.3
2024-11-06 CVE-2024-20537 Incorrect Authorization vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions.
network
low complexity
cisco CWE-863
6.5
2024-11-04 CVE-2024-45164 Incorrect Authorization vulnerability in Akamai Secure Internet Access Enterprise Threatavert 19.2.0.2
Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page.
network
low complexity
akamai CWE-863
7.1
2024-11-01 CVE-2024-49256 Incorrect Authorization vulnerability in Wpchill Htaccess File Editor
Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Htaccess File Editor: from n/a through 1.0.18.
network
low complexity
wpchill CWE-863
8.8
2024-10-29 CVE-2024-48921 Incorrect Authorization vulnerability in Nirmata Kyverno
Kyverno is a policy engine designed for Kubernetes.
network
low complexity
nirmata CWE-863
2.7
2024-10-28 CVE-2024-44217 Incorrect Authorization vulnerability in Apple Iphone OS
A permissions issue was addressed by removing vulnerable code and adding additional checks.
network
low complexity
apple CWE-863
critical
9.1
2024-10-25 CVE-2022-30356 Incorrect Authorization vulnerability in Ovaledge
OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters.
network
low complexity
ovaledge CWE-863
4.7
2024-10-25 CVE-2022-30358 Incorrect Authorization vulnerability in Ovaledge
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters.
network
low complexity
ovaledge CWE-863
8.8
2024-10-25 CVE-2024-49376 Incorrect Authorization vulnerability in Autolabproject Autolab 3.0.0
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0.
network
low complexity
autolabproject CWE-863
8.8