Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-27609 | Incorrect Authorization vulnerability in Bigbluebutton. BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. | 5.3 |
2020-10-20 | CVE-2020-6362 | Incorrect Authorization vulnerability in SAP Banking Services 500. SAP Banking Services version 500 uses an incorrect authorization object in some of its reports. | 6.5 |
2020-10-16 | CVE-2020-16904 | Incorrect Authorization vulnerability in Microsoft Azure Functions. An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions. | 5.3 |
2020-10-15 | CVE-2020-12503 | Incorrect Authorization vulnerability in multiple products. Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. | 7.2 |
2020-10-15 | CVE-2020-27156 | Incorrect Authorization vulnerability in Veritas Aptare 10.4. Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. | 9.8 |
2020-10-13 | CVE-2020-13957 | Incorrect Authorization vulnerability in Apache Solr. Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. | 9.8 |
2020-10-08 | CVE-2020-3467 | Incorrect Authorization vulnerability in Cisco Identity Services Engine. A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. | 7.7 |
2020-10-07 | CVE-2020-13335 | Incorrect Authorization vulnerability in Gitlab. Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting/transferring their group. | 4.3 |
2020-10-07 | CVE-2020-13334 | Incorrect Authorization vulnerability in Gitlab. In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a mutation GraphQL query. | 7.5 |
2020-10-06 | CVE-2019-19200 | Incorrect Authorization vulnerability in Reddoxx Maildepot 2032. REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users. | 8.8 |