Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2020-05-06 CVE-2020-7921 Incorrect Authorization vulnerability in Mongodb
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action.
network
high complexity
mongodb CWE-863
5.3
2020-05-06 CVE-2020-4446 Incorrect Authorization vulnerability in IBM products
IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks.
network
low complexity
ibm CWE-863
4.3
2020-05-06 CVE-2020-2188 Incorrect Authorization vulnerability in Jenkins Amazon EC2
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
network
low complexity
jenkins CWE-863
4.3
2020-05-04 CVE-2020-5343 Incorrect Authorization vulnerability in Dell OS Recovery Image for Microsoft Windows 10
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability.
local
low complexity
dell CWE-863
7.8
2020-05-04 CVE-2020-5333 Incorrect Authorization vulnerability in RSA Archer
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API.
network
low complexity
rsa CWE-863
4.3
2020-04-29 CVE-2020-12477 Incorrect Authorization vulnerability in Teampass 2.1.27.36
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
network
low complexity
teampass CWE-863
7.5
2020-04-21 CVE-2020-10786 Incorrect Authorization vulnerability in Vestacp Vesta Control Panel
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.
network
low complexity
vestacp CWE-863
8.8
2020-04-20 CVE-2020-11753 Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.21.1/3.22.0
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0.
network
low complexity
sonatype CWE-863
8.8
2020-04-20 CVE-2020-5293 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices.
network
low complexity
prestashop CWE-863
6.5
2020-04-20 CVE-2020-5288 Incorrect Authorization vulnerability in Prestashop
"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page.
network
low complexity
prestashop CWE-863
6.5