Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-8212 | Incorrect Authorization vulnerability in Citrix Xenmobile Server Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality. | 9.8 |
| 2020-08-14 | CVE-2020-7583 | Incorrect Authorization vulnerability in Siemens Automation License Manager A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). | 7.8 |
| 2020-08-12 | CVE-2020-7300 | Incorrect Authorization vulnerability in Mcafee Data Loss Prevention Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages. | 6.3 |
| 2020-08-12 | CVE-2020-2233 | Incorrect Authorization vulnerability in Jenkins Pipeline Maven Integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 6.5 |
| 2020-08-11 | CVE-2020-17448 | Incorrect Authorization vulnerability in Telegram Desktop Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. | 7.8 |
| 2020-08-10 | CVE-2020-12780 | Incorrect Authorization vulnerability in Combodo Itop A security misconfiguration exists in Combodo iTop, which can expose sensitive information. | 7.5 |
| 2020-07-31 | CVE-2020-3386 | Incorrect Authorization vulnerability in Cisco Data Center Network Manager A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. | 8.8 |
| 2020-07-31 | CVE-2020-3374 | Incorrect Authorization vulnerability in Cisco Sd-Wan A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. | 9.9 |
| 2020-07-29 | CVE-2020-14486 | Incorrect Authorization vulnerability in Openclinic GA Project Openclinic GA 5.09.02/5.89.05B An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands. | 8.8 |
| 2020-07-27 | CVE-2020-15120 | Incorrect Authorization vulnerability in Ihatemoney I Hate Money In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. | 4.9 |