Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-45185 Incorrect Authorization vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code.
network
low complexity
ibm CWE-863
8.8
2023-12-12 CVE-2023-49273 Incorrect Authorization vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-863
5.4
2023-12-12 CVE-2020-10676 Incorrect Authorization vulnerability in Suse Rancher
In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.
network
low complexity
suse CWE-863
8.8
2023-12-12 CVE-2023-48227 Incorrect Authorization vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-863
4.3
2023-12-12 CVE-2023-6542 Incorrect Authorization vulnerability in SAP Emarsys SDK 3.6.2
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application.
local
low complexity
sap CWE-863
7.1
2023-12-12 CVE-2023-36646 Incorrect Authorization vulnerability in Prolion Cryptospike 3.0.15
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.
network
low complexity
prolion CWE-863
8.8
2023-12-10 CVE-2023-50457 Incorrect Authorization vulnerability in Zammad 6.1.0/6.2.0
An issue was discovered in Zammad before 6.2.0.
network
low complexity
zammad CWE-863
4.3
2023-12-06 CVE-2023-48859 Incorrect Authorization vulnerability in Totolink A3002Ru Firmware 2.0.0B20190902.1958
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code.
network
low complexity
totolink CWE-863
8.8
2023-12-06 CVE-2023-49239 Incorrect Authorization vulnerability in Huawei Emui and Harmonyos
Unauthorized access vulnerability in the card management module.
network
low complexity
huawei CWE-863
7.5
2023-12-06 CVE-2023-49240 Incorrect Authorization vulnerability in Huawei Emui and Harmonyos
Unauthorized access vulnerability in the launcher module.
network
low complexity
huawei CWE-863
7.5