Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-23 | CVE-2024-8606 | Incorrect Authorization vulnerability in Checkmk 2.2.0/2.3.0 Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication | 8.8 |
| 2024-09-20 | CVE-2024-47060 | Incorrect Authorization vulnerability in Zitadel Zitadel is an open source identity management platform. | 6.5 |
| 2024-09-19 | CVE-2024-47159 | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project | 4.3 |
| 2024-09-19 | CVE-2024-47160 | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible | 5.3 |
| 2024-09-15 | CVE-2024-46918 | Incorrect Authorization vulnerability in Misp app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org. | 4.9 |
| 2024-09-12 | CVE-2024-2743 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables. | 9.1 |
| 2024-09-11 | CVE-2024-8691 | Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. | 7.1 |
| 2024-09-11 | CVE-2024-4465 | Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. | 5.0 |
| 2024-09-10 | CVE-2024-42423 | Incorrect Authorization vulnerability in Citrix Workspace 23.9.0.24.4 Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. | 7.1 |
| 2024-09-10 | CVE-2024-44114 | Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. | 2.7 |