Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-36556 | Incorrect Authorization vulnerability in Fortinet Fortimail An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests. | 8.8 |
| 2023-10-06 | CVE-2023-44860 | Incorrect Authorization vulnerability in Netis-Systems N3M Firmware 1.0.1.865 An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. | 7.5 |
| 2023-10-05 | CVE-2022-3248 | Incorrect Authorization vulnerability in Redhat products A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. | 7.5 |
| 2023-10-04 | CVE-2023-1832 | Incorrect Authorization vulnerability in multiple products An improper access control flaw was found in Candlepin. | 8.1 |
| 2023-10-04 | CVE-2023-4997 | Incorrect Authorization vulnerability in Prointegra Uptimedc Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation. | 8.8 |
| 2023-09-29 | CVE-2023-5159 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. | 2.7 |
| 2023-09-29 | CVE-2023-5193 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation. | 2.7 |
| 2023-09-29 | CVE-2023-5194 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager | 4.3 |
| 2023-09-29 | CVE-2023-5195 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of | 5.4 |
| 2023-09-27 | CVE-2023-41078 | Incorrect Authorization vulnerability in Apple Macos An authorization issue was addressed with improved state management. | 5.5 |