Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-09 | CVE-2020-25655 | Incorrect Authorization vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0 An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. | 6.5 |
| 2020-11-06 | CVE-2020-3600 | Incorrect Authorization vulnerability in Cisco Sd-Wan A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. | 7.8 |
| 2020-11-06 | CVE-2020-3592 | Incorrect Authorization vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. | 6.5 |
| 2020-11-05 | CVE-2020-26506 | Incorrect Authorization vulnerability in Marmind 4.1.141.0 An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. | 4.3 |
| 2020-10-27 | CVE-2020-3852 | Incorrect Authorization vulnerability in Apple Safari A logic issue was addressed with improved validation. | 5.3 |
| 2020-10-21 | CVE-2020-3578 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. | 6.5 |
| 2020-10-21 | CVE-2020-27609 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. | 5.3 |
| 2020-10-20 | CVE-2020-6362 | Incorrect Authorization vulnerability in SAP Banking Services 500 SAP Banking Services version 500, use an incorrect authorization object in some of its reports. | 6.5 |
| 2020-10-15 | CVE-2020-27156 | Incorrect Authorization vulnerability in Veritas Aptare 10.4 Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. | 9.8 |
| 2020-10-13 | CVE-2020-13957 | Incorrect Authorization vulnerability in Apache Solr Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. | 9.8 |