Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-20 | CVE-2021-36230 | Incorrect Authorization vulnerability in Hashicorp Terraform HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. | 8.8 |
| 2021-07-16 | CVE-2021-36758 | Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1 1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. | 5.4 |
| 2021-07-15 | CVE-2020-12733 | Incorrect Authorization vulnerability in Depstech Wifi Digital Microscope 3 Firmware Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. | 7.5 |
| 2021-07-12 | CVE-2021-22515 | Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | 6.5 |
| 2021-07-07 | CVE-2021-26273 | Incorrect Authorization vulnerability in Ninjarmm 5.0.909 The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. | 7.8 |
| 2021-07-02 | CVE-2021-35197 | Incorrect Authorization vulnerability in multiple products In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. | 7.5 |
| 2021-07-02 | CVE-2021-36132 | Incorrect Authorization vulnerability in Mediawiki An issue was discovered in the FileImporter extension in MediaWiki through 1.36. | 8.8 |
| 2021-07-01 | CVE-2020-27362 | Incorrect Authorization vulnerability in Akkadianlabs Akkadian Provisioning Manager 4.50.02 An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges. | 8.8 |
| 2021-07-01 | CVE-2021-27661 | Incorrect Authorization vulnerability in Johnsoncontrols F4-Snc Firmware 11 Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC. | 8.8 |
| 2021-06-29 | CVE-2021-22119 | Incorrect Authorization vulnerability in multiple products Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. | 7.5 |