Vulnerabilities > Incorrect Resource Transfer Between Spheres
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-14 | CVE-2022-20658 | Incorrect Resource Transfer Between Spheres vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. | 9.6 |
| 2021-11-02 | CVE-2021-25973 | Incorrect Resource Transfer Between Spheres vulnerability in Publify Project Publify In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. | 6.5 |
| 2021-08-23 | CVE-2021-24602 | Incorrect Resource Transfer Between Spheres vulnerability in Hmplugin HM multiple Roles The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page | 8.8 |
| 2021-07-09 | CVE-2021-30120 | Incorrect Resource Transfer Between Spheres vulnerability in Kaseya VSA Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. | 7.5 |
| 2021-06-24 | CVE-2021-29960 | Incorrect Resource Transfer Between Spheres vulnerability in Mozilla Firefox Firefox used to cache the last filename used for printing a file. | 4.3 |
| 2021-05-27 | CVE-2021-22900 | Incorrect Resource Transfer Between Spheres vulnerability in multiple products A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | 7.2 |
| 2021-04-30 | CVE-2021-21531 | Incorrect Resource Transfer Between Spheres vulnerability in Dell products Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. | 7.8 |
| 2021-02-12 | CVE-2021-20411 | Incorrect Resource Transfer Between Spheres vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. | 8.1 |
| 2021-01-19 | CVE-2020-27268 | Incorrect Resource Transfer Between Spheres vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy. | 6.5 |
| 2020-12-22 | CVE-2020-24683 | Incorrect Resource Transfer Between Spheres vulnerability in ABB Symphony + Historian and Symphony + Operations The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). | 9.8 |