Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-23 | CVE-2023-29860 | Incorrect Permission Assignment for Critical Resource vulnerability in Dtstack Taier 1.3.0: Insecure permissions in the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method. | 7.5 |
2023-06-20 | CVE-2023-26427 | Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite Backend: Default permissions for a properties file were too permissive. | 3.3 |
2023-06-16 | CVE-2023-34154 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Harmonyos: Vulnerability of undefined permissions in HUAWEI VR screen projection. Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources. | 8.2 |
2023-06-15 | CVE-2023-34797 | Incorrect Permission Assignment for Critical Resource vulnerability in Temenos CWX 8.5.6: Broken access control in the Registration page (/Registration.aspx) of Temenos CWX v8.5.6 allows attackers to access sensitive information. | 5.4 |
2023-06-15 | CVE-2022-33163 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Directory Suite VA 8.0.1: IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 8.1 |
2023-06-14 | CVE-2023-35147 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins AWS Codecommit Trigger 3.0.12: Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system. | 6.5 |
2023-06-13 | CVE-2023-33695 | Incorrect Permission Assignment for Critical Resource vulnerability in Hutool: Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. | 7.1 |
2023-06-13 | CVE-2023-30897 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Wincc: A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). | 7.8 |
2023-06-13 | CVE-2023-31238 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Q200 Firmware: A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60). | 4.8 |
2023-06-13 | CVE-2023-2876 | Incorrect Permission Assignment for Critical Resource vulnerability in ABB products: Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1. | 6.1 |