Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2020-11-06 CVE-2020-3592 Incorrect Authorization vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system.
network
low complexity
cisco CWE-863
6.5
2020-11-05 CVE-2020-26506 Incorrect Authorization vulnerability in Marmind 4.1.141.0
An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control of files uploaded by administrative users.
network
low complexity
marmind CWE-863
4.3
2020-10-27 CVE-2020-3852 Incorrect Authorization vulnerability in Apple Safari
A logic issue was addressed with improved validation.
network
low complexity
apple CWE-863
5.3
2020-10-21 CVE-2020-3578 Incorrect Authorization vulnerability in Cisco products
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked.
network
low complexity
cisco CWE-863
6.5
2020-10-21 CVE-2020-27609 Incorrect Authorization vulnerability in Bigbluebutton
BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface.
network
low complexity
bigbluebutton CWE-863
5.3
2020-10-20 CVE-2020-6362 Incorrect Authorization vulnerability in SAP Banking Services 500
SAP Banking Services version 500 uses an incorrect authorization object in some of its reports.
network
low complexity
sap CWE-863
6.5
2020-10-15 CVE-2020-27156 Incorrect Authorization vulnerability in Veritas Aptare 10.4
Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks.
network
low complexity
veritas CWE-863
critical
9.8
2020-10-13 CVE-2020-13957 Incorrect Authorization vulnerability in Apache Solr
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that's uploaded via API without authentication/authorization.
network
low complexity
apache CWE-863
critical
9.8
2020-10-08 CVE-2020-3467 Incorrect Authorization vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device.
network
low complexity
cisco CWE-863
7.7
2020-10-07 CVE-2020-13335 Incorrect Authorization vulnerability in Gitlab
Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting/transferring their group.
network
low complexity
gitlab CWE-863
4.3