Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2020-04-20 CVE-2020-5287 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search.
network
low complexity
prestashop CWE-863
6.5
2020-04-20 CVE-2020-5279 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers.
network
low complexity
prestashop CWE-863
6.5
2020-04-15 CVE-2020-0981 Incorrect Authorization vulnerability in Microsoft Windows 10 and Windows Server 2016
A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'.
local
low complexity
microsoft CWE-863
8.8
2020-04-14 CVE-2020-6214 Incorrect Authorization vulnerability in SAP S/4Hana 100
SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports.
network
low complexity
sap CWE-863
4.7
2020-04-12 CVE-2020-11707 Incorrect Authorization vulnerability in Provideserver Provide FTP Server 13.1
An issue was discovered in ProVide (formerly zFTPServer) through 13.1.
network
low complexity
provideserver CWE-863
8.8
2020-04-08 CVE-2018-21039 Incorrect Authorization vulnerability in Google Android 7.0
An issue was discovered on Samsung mobile devices with N(7.0) software.
network
low complexity
google CWE-863
7.5
2020-04-08 CVE-2018-21082 Incorrect Authorization vulnerability in Google Android
An issue was discovered on Samsung mobile devices with N(7.x) software.
local
low complexity
google CWE-863
8.4
2020-04-08 CVE-2020-11628 Incorrect Authorization vulnerability in Primekey Ejbca
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2.
network
low complexity
primekey CWE-863
5.3
2020-04-03 CVE-2020-8142 Incorrect Authorization vulnerability in Revive-Adserver Revive Adserver
A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144.
low complexity
revive-adserver CWE-863
6.8
2020-04-01 CVE-2018-11802 Incorrect Authorization vulnerability in Apache Solr
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection.
network
low complexity
apache CWE-863
4.3