Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2020-08-10 CVE-2020-12780 Incorrect Authorization vulnerability in Combodo iTop
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
network
low complexity
combodo CWE-863
7.5
2020-07-31 CVE-2020-3386 Incorrect Authorization vulnerability in Cisco Data Center Network Manager
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device.
network
low complexity
cisco CWE-863
8.8
2020-07-31 CVE-2020-3374 Incorrect Authorization vulnerability in Cisco SD-WAN
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system.
network
low complexity
cisco CWE-863
critical
9.9
2020-07-29 CVE-2020-14486 Incorrect Authorization vulnerability in OpenClinic GA Project OpenClinic GA 5.09.02/5.89.05b
An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.
network
low complexity
openclinic-ga-project CWE-863
8.8
2020-07-27 CVE-2020-15120 Incorrect Authorization vulnerability in Ihatemoney I Hate Money
In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code.
network
low complexity
ihatemoney CWE-863
4.9
2020-07-22 CVE-2020-15126 Incorrect Authorization vulnerability in Parseplatform Parse Server
In parse-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass all objects linked via relation or Pointer on his User object.
network
low complexity
parseplatform CWE-863
6.5
2020-07-17 CVE-2020-15110 Incorrect Authorization vulnerability in JupyterHub KubeSpawner
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames.
network
low complexity
jupyterhub CWE-863
8.1
2020-07-16 CVE-2020-3150 Incorrect Authorization vulnerability in Cisco RV110W Firmware and RV215W Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration.
network
high complexity
cisco CWE-863
5.9
2020-07-16 CVE-2020-3140 Incorrect Authorization vulnerability in Cisco Prime License Manager
A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
network
low complexity
cisco CWE-863
critical
9.8
2020-07-15 CVE-2020-2228 Incorrect Authorization vulnerability in Jenkins GitLab Authentication
Jenkins GitLab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
network
low complexity
jenkins CWE-863
8.8