Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-18 | CVE-2023-25547 | Incorrect Authorization vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. | 8.8 |
| 2023-04-18 | CVE-2023-25548 | Incorrect Authorization vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. | 6.5 |
| 2023-04-18 | CVE-2023-2020 | Incorrect Authorization vulnerability in Checkmk 2.1.0/2.2.0 Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. | 4.3 |
| 2023-04-17 | CVE-2023-27525 | Incorrect Authorization vulnerability in Apache Superset An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1 | 4.3 |
| 2023-04-17 | CVE-2023-30771 | Incorrect Authorization vulnerability in Apache Iotdb web Workbench 0.13.3 Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. | 9.8 |
| 2023-04-15 | CVE-2020-17354 | Incorrect Authorization vulnerability in Lilypond LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. | 8.6 |
| 2023-04-12 | CVE-2023-22620 | Incorrect Authorization vulnerability in Securepoint Unified Threat Management An issue was discovered in SecurePoint UTM before 12.2.5.1. | 7.5 |
| 2023-04-11 | CVE-2023-25415 | Incorrect Authorization vulnerability in Aten Pe8108 Firmware 2.4.232 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. | 5.3 |
| 2023-04-11 | CVE-2022-40682 | Incorrect Authorization vulnerability in Fortinet Forticlient A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. | 7.8 |
| 2023-04-11 | CVE-2022-43770 | Incorrect Authorization vulnerability in Hitachivantara Pentaho Business Analytics Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API. | 8.1 |