Vulnerabilities > Incorrect Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-15	CVE-2022-42978	Incorrect Authorization vulnerability in Atlassian Confluence Data Center In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. network low complexity atlassian CWE-863	7.5
2022-11-14	CVE-2022-39385	Incorrect Authorization vulnerability in Discourse Discourse is the an open source discussion platform. network low complexity discourse CWE-863	6.5
2022-11-10	CVE-2022-39388	Incorrect Authorization vulnerability in Istio 1.15.0/1.15.1/1.15.2 Istio is an open platform to connect, manage, and secure microservices. low complexity istio CWE-863	3.5
2022-11-10	CVE-2022-3819	Incorrect Authorization vulnerability in Gitlab An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to. network low complexity gitlab CWE-863	4.3
2022-11-08	CVE-2022-39352	Incorrect Authorization vulnerability in Openfga OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. network low complexity openfga CWE-863 critical	9.8
2022-11-04	CVE-2022-20942	Incorrect Authorization vulnerability in Cisco Asyncos A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. network low complexity cisco CWE-863	6.5
2022-10-25	CVE-2022-39322	Incorrect Authorization vulnerability in Keystonejs Keystone 2.2.0/2.3.0 @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. network low complexity keystonejs CWE-863 critical	9.8
2022-10-10	CVE-2022-42724	Incorrect Authorization vulnerability in Misp-Project Malware Information Sharing Platform app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). network low complexity misp-project CWE-863	4.3
2022-10-07	CVE-2022-41574	Incorrect Authorization vulnerability in Gradle Enterprise An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. network low complexity gradle CWE-863	7.5
2022-10-07	CVE-2022-36634	Incorrect Authorization vulnerability in Zkteco Zkbiosecurity V5000 3.0.5.0R An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. network low complexity zkteco CWE-863	8.8

Vulnerabilities > Incorrect Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Incorrect Authorization"}]}

Vulnerabilities > Incorrect Authorization