Vulnerabilities > Incorrect Resource Transfer Between Spheres
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-27 | CVE-2021-22900 | Incorrect Resource Transfer Between Spheres vulnerability in multiple products A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | 7.2 |
| 2021-04-30 | CVE-2021-21531 | Incorrect Resource Transfer Between Spheres vulnerability in Dell products Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. | 7.8 |
| 2021-02-12 | CVE-2021-20411 | Incorrect Resource Transfer Between Spheres vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. | 8.1 |
| 2021-01-19 | CVE-2020-27268 | Incorrect Resource Transfer Between Spheres vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy. | 6.5 |
| 2020-12-22 | CVE-2020-24683 | Incorrect Resource Transfer Between Spheres vulnerability in ABB Symphony + Historian and Symphony + Operations The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). | 9.8 |
| 2020-12-18 | CVE-2020-26177 | Incorrect Resource Transfer Between Spheres vulnerability in Tangro Business Workflow 1.17.5 In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. | 4.3 |
| 2020-12-07 | CVE-2020-5800 | Incorrect Resource Transfer Between Spheres vulnerability in EAT Spray Love Project EAT Spray Love 2.0.20 The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to. | 9.8 |
| 2020-12-01 | CVE-2020-15257 | Incorrect Resource Transfer Between Spheres vulnerability in multiple products containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. | 5.2 |
| 2020-08-11 | CVE-2020-10778 | Incorrect Resource Transfer Between Spheres vulnerability in Redhat Cloudforms 4.7/5.0.0 In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. | 6.0 |
| 2020-07-22 | CVE-2020-15892 | Incorrect Resource Transfer Between Spheres vulnerability in Dlink Dap-1520 Firmware 1.0.8/1.10B04 An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. | 9.8 |