Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor(s) | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-07-30 | CVE-2021-28674 | Incorrect Authorization vulnerability in Solarwinds Orion Platform | The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. | network | low | solarwinds | CWE-863 | 5.4 |
| 2021-07-26 | CVE-2021-36091 | Incorrect Authorization vulnerability in Otrs | Agents are able to list appointments in the calendars without required permissions. | network | low | otrs | CWE-863 | 4.3 |
| 2021-07-20 | CVE-2021-36230 | Incorrect Authorization vulnerability in Hashicorp Terraform | HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. | network | low | hashicorp | CWE-863 | 8.8 |
| 2021-07-16 | CVE-2021-36758 | Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1 | 1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. | network | low | 1password | CWE-863 | 5.4 |
| 2021-07-15 | CVE-2020-12733 | Incorrect Authorization vulnerability in Depstech Wifi Digital Microscope 3 Firmware | Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. | network | low | depstech | CWE-863 | 7.5 |
| 2021-07-12 | CVE-2021-22515 | Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication | Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | network | low | microfocus | CWE-863 | 6.5 |
| 2021-07-07 | CVE-2021-26273 | Incorrect Authorization vulnerability in Ninjarmm 5.0.909 | The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. | local | low | ninjarmm | CWE-863 | 7.8 |
| 2021-07-02 | CVE-2021-35197 | Incorrect Authorization vulnerability in multiple products | In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. | network | low | mediawiki, debian, fedoraproject | CWE-863 | 7.5 |
| 2021-07-02 | CVE-2021-36132 | Incorrect Authorization vulnerability in Mediawiki | An issue was discovered in the FileImporter extension in MediaWiki through 1.36. | network | low | mediawiki | CWE-863 | 8.8 |
| 2021-07-01 | CVE-2020-27362 | Incorrect Authorization vulnerability in Akkadianlabs Akkadian Provisioning Manager 4.50.02 | An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges. | network | low | akkadianlabs | CWE-863 | 8.8 |