Vulnerabilities > Incorrect Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-04-14 | CVE-2021-28825 | Incorrect Authorization vulnerability in Tibco Messaging - Eclipse Mosquitto Distribution - Core | The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. | local | low complexity | tibco | CWE-863 | 7.8 |
| 2021-04-13 | CVE-2021-29439 | Incorrect Authorization vulnerability in Getgrav Grav Admin | The Grav admin plugin prior to version 1.10.11 does not correctly verify the caller's privileges. | network | low complexity | getgrav | CWE-863 | 7.2 |
| 2021-04-13 | CVE-2021-27086 | Incorrect Authorization vulnerability in Microsoft products | Windows Services and Controller App Elevation of Privilege Vulnerability | local | low complexity | microsoft | CWE-863 | 7.8 |
| 2021-04-13 | CVE-2021-29943 | Incorrect Authorization vulnerability in Apache Solr | When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. | network | low complexity | apache | CWE-863 | critical 9.1 |
| 2021-04-12 | CVE-2019-15059 | Incorrect Authorization vulnerability in Lispbx Project Lispbx 2.04/2.05 | In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. | network | low complexity | lispbx-project | CWE-863 | 7.5 |
| 2021-04-12 | CVE-2020-28872 | Incorrect Authorization vulnerability in Monitorr 1.7.6M | An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials. | network | low complexity | monitorr | CWE-863 | critical 9.8 |
| 2021-04-09 | CVE-2021-25356 | Incorrect Authorization vulnerability in Google Android | An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows an unprivileged application to install arbitrary applications, grant device admin permission and then delete several installed applications. | local | low complexity | google | CWE-863 | 8.8 |
| 2021-04-08 | CVE-2020-14106 | Incorrect Authorization vulnerability in MI Miui 12.5/12.5.2/2020.01.15 | An application on the mobile phone can gain unauthorized access to the list of running processes on the phone. Affects Xiaomi Mobile Phone MIUI < 2021.01.26. | local | low complexity | mi | CWE-863 | 5.5 |
| 2021-04-02 | CVE-2020-27901 | Incorrect Authorization vulnerability in Apple Macos | A logic issue was addressed with improved restrictions. | local | low complexity | apple | CWE-863 | 6.3 |
| 2021-04-01 | CVE-2021-26718 | Incorrect Authorization vulnerability in Kaspersky Internet Security | KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. | local | low complexity | kaspersky | CWE-863 | 5.5 |