Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2020-05-28 CVE-2020-4249 Incorrect Authorization vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization.
network
low complexity
ibm CWE-863
6.5
2020-05-26 CVE-2020-12391 Incorrect Authorization vulnerability in Mozilla Firefox
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context.
network
low complexity
mozilla CWE-863
7.5
2020-05-26 CVE-2020-3811 Incorrect Authorization vulnerability in multiple products
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.
network
low complexity
netqmail debian canonical CWE-863
7.5
2020-05-18 CVE-2019-20801 Incorrect Authorization vulnerability in Readdle Documents
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS.
network
low complexity
readdle CWE-863
5.3
2020-05-14 CVE-2020-0097 Incorrect Authorization vulnerability in Google Android 10.0/9.0
In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps.
local
low complexity
google CWE-863
7.8
2020-05-14 CVE-2020-12876 Incorrect Authorization vulnerability in Veritas Aptare
Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server.
network
low complexity
veritas CWE-863
7.5
2020-05-14 CVE-2020-12875 Incorrect Authorization vulnerability in Veritas Aptare
Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks.
network
low complexity
veritas CWE-863
6.3
2020-05-13 CVE-2020-1998 Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os
An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication.
network
low complexity
paloaltonetworks CWE-863
8.8
2020-05-12 CVE-2020-8151 Incorrect Authorization vulnerability in multiple products
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.
network
low complexity
rubyonrails fedoraproject CWE-863
7.5
2020-05-07 CVE-2020-12691 Incorrect Authorization vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-863
8.8