Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2020-06-16 CVE-2020-7499 Incorrect Authorization vulnerability in Schneider-Electric products
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.
network
low complexity
schneider-electric CWE-863
6.5
2020-06-10 CVE-2020-0115 Incorrect Authorization vulnerability in Google Android
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains.
local
low complexity
google CWE-863
7.8
2020-06-08 CVE-2020-13696 Incorrect Authorization vulnerability in multiple products
An issue was discovered in LinuxTV xawtv before 3.107.
4.4
2020-06-04 CVE-2020-13834 Incorrect Authorization vulnerability in Google Android
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software.
network
low complexity
google CWE-863
7.5
2020-06-03 CVE-2020-3335 Incorrect Authorization vulnerability in Cisco products
A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device.
local
low complexity
cisco CWE-863
5.5
2020-06-03 CVE-2020-3231 Incorrect Authorization vulnerability in Cisco IOS
A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port.
low complexity
cisco CWE-863
4.7
2020-06-03 CVE-2020-3229 Incorrect Authorization vulnerability in Cisco IOS XE
A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user.
network
low complexity
cisco CWE-863
8.8
2020-06-03 CVE-2020-3227 Incorrect Authorization vulnerability in Cisco IOS XE
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization.
network
low complexity
cisco CWE-863
critical
9.8
2020-06-03 CVE-2020-4026 Incorrect Authorization vulnerability in Atlassian Navigator Links 4.0.0/5.0.0/5.1.0
The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
network
low complexity
atlassian CWE-863
4.3
2020-05-29 CVE-2020-11844 Incorrect Authorization vulnerability in Microfocus Service Management Automation
Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management.
network
low complexity
microfocus CWE-863
critical
9.8