Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-41939 | Incorrect Authorization vulnerability in Siemens Sinec NMS 1.0/1.0.3/2.0 A vulnerability has been identified in SINEC NMS (All versions < V3.0). | 8.8 |
| 2024-08-13 | CVE-2024-41941 | Incorrect Authorization vulnerability in Siemens Sinec NMS 1.0/1.0.3/2.0 A vulnerability has been identified in SINEC NMS (All versions < V3.0). | 4.3 |
| 2024-08-12 | CVE-2024-42473 | Incorrect Authorization vulnerability in Openfga 1.5.7/1.5.8 OpenFGA is an authorization/permission engine. | 9.8 |
| 2024-08-07 | CVE-2024-7265 | Incorrect Authorization vulnerability in Nask EZD RP Incorrect User Management vulnerability in Naukowa i Akademicka Siec Komputerowa - Panstwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. | 8.8 |
| 2024-08-07 | CVE-2024-7266 | Incorrect Authorization vulnerability in Nask EZD RP Incorrect User Management vulnerability in Naukowa i Akademicka Siec Komputerowa - Panstwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. | 4.3 |
| 2024-08-07 | CVE-2024-42062 | Incorrect Authorization vulnerability in Apache Cloudstack CloudStack account-users by default use username and password based authentication for API and UI access. | 7.2 |
| 2024-08-06 | CVE-2024-6358 | Incorrect Authorization vulnerability in Opentext Arcsight Intelligence Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. | 8.8 |
| 2024-08-06 | CVE-2024-6202 | Incorrect Authorization vulnerability in Haloservicesolutions Haloitsm HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. | 9.8 |
| 2024-08-05 | CVE-2024-38856 | Incorrect Authorization vulnerability in Apache Ofbiz Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). | 9.8 |
| 2024-07-26 | CVE-2024-7062 | Incorrect Authorization vulnerability in Mikekazakov Nimble Commander Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. | 7.8 |