Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-30 | CVE-2021-28674 | Incorrect Authorization vulnerability in Solarwinds Orion Platform The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. | 5.4 |
2021-07-26 | CVE-2021-36091 | Incorrect Authorization vulnerability in Otrs Agents are able to list appointments in the calendars without required permissions. | 4.3 |
2021-07-20 | CVE-2021-36230 | Incorrect Authorization vulnerability in Hashicorp Terraform HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. | 8.8 |
2021-07-16 | CVE-2021-36758 | Incorrect Authorization vulnerability in 1Password Connect 1.0.1/1.1.0/1.1.1 1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. | 5.4 |
2021-07-15 | CVE-2020-12733 | Incorrect Authorization vulnerability in Depstech Wifi Digital Microscope 3 Firmware Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. | 7.5 |
2021-07-12 | CVE-2021-22515 | Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | 6.5 |
2021-07-07 | CVE-2021-26273 | Incorrect Authorization vulnerability in Ninjarmm 5.0.909 The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. | 7.8 |
2021-07-02 | CVE-2021-35197 | Incorrect Authorization vulnerability in multiple products In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. | 7.5 |
2021-07-02 | CVE-2021-36132 | Incorrect Authorization vulnerability in Mediawiki An issue was discovered in the FileImporter extension in MediaWiki through 1.36. | 8.8 |
2021-07-01 | CVE-2020-27362 | Incorrect Authorization vulnerability in Akkadianlabs Akkadian Provisioning Manager 4.50.02 An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges. | 8.8 |