Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-01-25 CVE-2022-23009 Incorrect Authorization vulnerability in F5 BIG-IQ Centralized Management 8.0.0
On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system.
network
low complexity
f5 CWE-863
7.2
2022-01-24 CVE-2021-24733 Incorrect Authorization vulnerability in WP Post Page Clone Project WP Post Page Clone 1.1
The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally.
network
low complexity
wp-post-page-clone-project CWE-863
4.3
2022-01-21 CVE-2020-4877 Incorrect Authorization vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes.
network
low complexity
ibm CWE-863
critical
9.8
2022-01-19 CVE-2022-21701 Incorrect Authorization vulnerability in Istio 1.12.0/1.12.1
Istio is an open platform to connect, manage, and secure microservices.
network
low complexity
istio CWE-863
8.8
2022-01-19 CVE-2022-22157 Incorrect Authorization vulnerability in Juniper Junos
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device.
network
low complexity
juniper CWE-863
critical
9.3
2022-01-18 CVE-2020-14110 Incorrect Authorization vulnerability in MI Ax3600 Firmware 1.0.50
AX3600 router sensitive information leaked. There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.
local
low complexity
mi CWE-863
7.8
2022-01-18 CVE-2021-37864 Incorrect Authorization vulnerability in Mattermost
Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.
network
low complexity
mattermost CWE-863
6.5
2022-01-14 CVE-2021-39630 Incorrect Authorization vulnerability in Google Android 12.0
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass.
local
low complexity
google CWE-863
7.8
2022-01-13 CVE-2022-21678 Incorrect Authorization vulnerability in Discourse
Discourse is an open source discussion platform.
network
low complexity
discourse CWE-863
4.3
2022-01-06 CVE-2021-4194 Incorrect Authorization vulnerability in Bookstackapp Bookstack
BookStack is vulnerable to improper access control.
network
low complexity
bookstackapp CWE-863
6.5