Vulnerabilities > Incorrect Resource Transfer Between Spheres
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2021-45891 | Incorrect Resource Transfer Between Spheres vulnerability in Zauner ARC 4.2.0.4 An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side. | 6.5 |
| 2022-02-11 | CVE-2021-22806 | Incorrect Resource Transfer Between Spheres vulnerability in Schneider-Electric products A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. | 5.0 |
| 2022-01-14 | CVE-2022-20658 | Incorrect Resource Transfer Between Spheres vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. | 9.6 |
| 2021-11-02 | CVE-2021-25973 | Incorrect Resource Transfer Between Spheres vulnerability in Publify Project Publify In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. | 6.4 |
| 2021-08-23 | CVE-2021-24602 | Incorrect Resource Transfer Between Spheres vulnerability in Hmplugin HM multiple Roles The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page | 8.8 |
| 2021-08-02 | CVE-2021-34574 | Incorrect Resource Transfer Between Spheres vulnerability in multiple products In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server. | 4.3 |
| 2021-07-09 | CVE-2021-30120 | Incorrect Resource Transfer Between Spheres vulnerability in Kaseya VSA Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. | 5.0 |
| 2021-06-24 | CVE-2021-29960 | Incorrect Resource Transfer Between Spheres vulnerability in Mozilla Firefox Firefox used to cache the last filename used for printing a file. | 4.3 |
| 2021-05-27 | CVE-2021-22900 | Incorrect Resource Transfer Between Spheres vulnerability in multiple products A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | 7.2 |
| 2021-04-30 | CVE-2021-21531 | Incorrect Resource Transfer Between Spheres vulnerability in Dell products Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. | 4.6 |