Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2021-08-06 | CVE-2021-38137 | Incorrect Authorization vulnerability in Corero Securewatch Managed Services 9.7.2.0020 | Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role. | network | low complexity | corero | CWE-863 | | 8.1 |
| 2021-08-05 | CVE-2021-22240 | Incorrect Authorization vulnerability in Gitlab | Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled. | network | low complexity | gitlab | CWE-863 | | 4.3 |
| 2021-08-03 | CVE-2020-19301 | Incorrect Authorization vulnerability in Vaethink 1.0.1 | A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter. | network | low complexity | vaethink | CWE-863 | critical | 9.8 |
| 2021-08-03 | CVE-2021-33335 | Incorrect Authorization vulnerability in Liferay DXP and Liferay Portal | Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator user. | network | low complexity | liferay | CWE-863 | | 7.2 |
| 2021-08-03 | CVE-2021-30571 | Incorrect Authorization vulnerability in multiple products | Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. | network | low complexity | google, fedoraproject | CWE-863 | critical | 9.6 |
| 2021-08-02 | CVE-2021-22389 | Incorrect Authorization vulnerability in Huawei Emui and Magic UI | There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause certain codes to be executed. | network | low complexity | huawei | CWE-863 | critical | 9.8 |
| 2021-08-02 | CVE-2021-22398 | Incorrect Authorization vulnerability in Huawei products | There is a logic error vulnerability in several smartphones. | | low complexity | huawei | CWE-863 | | 4.6 |
| 2021-07-30 | CVE-2021-22521 | Incorrect Authorization vulnerability in Microfocus products | A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. | local | low complexity | microfocus | CWE-863 | | 6.7 |
| 2021-07-30 | CVE-2021-28674 | Incorrect Authorization vulnerability in Solarwinds Orion Platform | The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. | network | low complexity | solarwinds | CWE-863 | | 5.4 |
| 2021-07-26 | CVE-2021-36091 | Incorrect Authorization vulnerability in Otrs | Agents are able to list appointments in the calendars without required permissions. | network | low complexity | otrs | CWE-863 | | 4.3 |