Incorrect Authorization vulnerabilities

DATE        CVE             VULNERABILITY TITLE
            risk score | attack vector | complexity | vendor | CWE
            description

2022-02-01  CVE-2021-25097  Incorrect Authorization vulnerability in Creativityjuice Labtools 1.0
            6.5 | network | low complexity | creativityjuice | CWE-863
            The LabTools WordPress plugin through 1.0 does not have proper authorisation or CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications.

2022-02-01  CVE-2021-41571  Incorrect Authorization vulnerability in Apache Pulsar
            6.5 | network | low complexity | apache | CWE-863
            In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user.

2022-01-26  CVE-2021-46561  Incorrect Authorization vulnerability in Mitre CVE Services 1.1.1
            6.5 | network | low complexity | mitre | CWE-863
            controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization.

2022-01-25  CVE-2021-4133   Incorrect Authorization vulnerability in Redhat Keycloak
            6.5 | network | low complexity | redhat | CWE-863
            A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API, even when new user registration is disabled.

2022-01-25  CVE-2022-0333   Incorrect Authorization vulnerability in Moodle
            3.8 | network | low complexity | moodle | CWE-863
            A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.

2022-01-25  CVE-2022-23009  Incorrect Authorization vulnerability in F5 Big-Iq Centralized Management 8.0.0
            9.0 (critical) | network | low complexity | f5 | CWE-863
            On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system.

2022-01-24  CVE-2021-24733  Incorrect Authorization vulnerability in WP Post Page Clone Project WP Post Page Clone 1.1
            4.0 | network | low complexity | wp-post-page-clone-project | CWE-863
            The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts, which they cannot view normally.

2022-01-21  CVE-2020-4877   Incorrect Authorization vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2
            7.5 | network | low complexity | ibm | CWE-863
            IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes.

2022-01-19  CVE-2022-21701  Incorrect Authorization vulnerability in Istio 1.12.0/1.12.1
            6.0 | network | istio | CWE-863
            Istio is an open platform to connect, manage, and secure microservices.

2022-01-19  CVE-2022-22157  Incorrect Authorization vulnerability in Juniper Junos
            5.8 | network | juniper | CWE-863
            A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources when 'no-syn-check' is enabled on the device.