Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-09-23 CVE-2024-8606 Incorrect Authorization vulnerability in Checkmk 2.2.0/2.3.0
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
network
low complexity
checkmk CWE-863
8.8
2024-09-20 CVE-2024-47060 Incorrect Authorization vulnerability in Zitadel
Zitadel is an open source identity management platform.
network
low complexity
zitadel CWE-863
6.5
2024-09-19 CVE-2024-47159 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
network
low complexity
jetbrains CWE-863
4.3
2024-09-19 CVE-2024-47160 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
network
low complexity
jetbrains CWE-863
5.3
2024-09-15 CVE-2024-46918 Incorrect Authorization vulnerability in Misp
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
network
low complexity
misp CWE-863
4.9
2024-09-12 CVE-2024-2743 Incorrect Authorization vulnerability in Gitlab
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.
network
low complexity
gitlab CWE-863
critical
9.1
2024-09-11 CVE-2024-8691 Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user.
network
low complexity
paloaltonetworks CWE-863
7.1
2024-09-11 CVE-2024-4465 Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration.
network
high complexity
nozominetworks CWE-863
5.0
2024-09-10 CVE-2024-42423 Incorrect Authorization vulnerability in Citrix Workspace 23.9.0.24.4
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin.
local
low complexity
citrix CWE-863
7.1
2024-09-10 CVE-2024-44114 Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network.
network
low complexity
sap CWE-863
2.7