Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-24 | CVE-2024-10295 | A flaw was found in Gateway. | 7.5 |
| 2024-10-23 | CVE-2024-20482 | Incorrect Authorization vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. | 6.5 |
| 2024-10-22 | CVE-2024-49208 | Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06 Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. | 3.1 |
| 2024-10-22 | CVE-2024-49209 | Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06 Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. | 4.3 |
| 2024-10-22 | CVE-2024-48925 | Incorrect Authorization vulnerability in Umbraco CMS Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. | 6.5 |
| 2024-10-22 | CVE-2024-38002 | Incorrect Authorization vulnerability in Liferay Digital Experience Platform and Liferay Portal The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API. | 8.8 |
| 2024-10-20 | CVE-2024-10173 | Incorrect Authorization vulnerability in Didiglobal Ddmq A vulnerability has been found in didi DDMQ 1.0 and classified as critical. | 7.5 |
| 2024-10-14 | CVE-2024-48911 | Incorrect Authorization vulnerability in Thinkst Opencanary OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. | 7.8 |
| 2024-10-10 | CVE-2024-45125 | Incorrect Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. | 4.3 |
| 2024-10-10 | CVE-2024-45128 | Incorrect Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. | 5.4 |