Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-08-07 CVE-2024-7266 Incorrect Authorization vulnerability in Nask EZD RP
Incorrect User Management vulnerability in Naukowa i Akademicka Siec Komputerowa - Panstwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.
network
low complexity
nask CWE-863
4.3
2024-08-07 CVE-2024-42062 Incorrect Authorization vulnerability in Apache Cloudstack
CloudStack account-users by default use username and password based authentication for API and UI access.
network
low complexity
apache CWE-863
7.2
2024-08-06 CVE-2024-6358 Incorrect Authorization vulnerability in Opentext Arcsight Intelligence
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.
network
low complexity
opentext CWE-863
8.8
2024-08-06 CVE-2024-6202 Incorrect Authorization vulnerability in Haloservicesolutions Haloitsm
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability.
network
low complexity
haloservicesolutions CWE-863
critical
9.8
2024-07-26 CVE-2024-7062 Incorrect Authorization vulnerability in Mikekazakov Nimble Commander
Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation.
local
low complexity
mikekazakov CWE-863
7.8
2024-07-16 CVE-2024-5816 Incorrect Authorization vulnerability in Github Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token.
network
low complexity
github CWE-863
5.3
2024-07-16 CVE-2024-5817 Incorrect Authorization vulnerability in Github Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects.
network
low complexity
github CWE-863
6.5
2024-07-02 CVE-2024-39324 Incorrect Authorization vulnerability in Aimeos Ai-Admin-Graphql
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface.
network
low complexity
aimeos CWE-863
3.8
2024-06-27 CVE-2024-4011 Incorrect Authorization vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives.
network
low complexity
gitlab CWE-863
4.3
2024-06-27 CVE-2024-6323 Incorrect Authorization vulnerability in Gitlab
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.
network
low complexity
gitlab CWE-863
7.5