Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-18 | CVE-2022-2108 | Missing Authorization vulnerability in Wbcomdesigns Buddypress Group Reviews The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. | 5.3 |
| 2022-07-13 | CVE-2022-20225 | Missing Authorization vulnerability in Google Android In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. | 2.1 |
| 2022-07-12 | CVE-2022-31592 | Missing Authorization vulnerability in SAP Enterprise Extension Defense Forces & Public Security The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. | 4.0 |
| 2022-07-12 | CVE-2022-31597 | Missing Authorization vulnerability in SAP S/4Hana and Sapscore Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. | 5.5 |
| 2022-07-06 | CVE-2022-21763 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telecom service, there is a possible information disclosure due to a missing permission check. | 2.1 |
| 2022-07-06 | CVE-2022-21764 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telecom service, there is a possible information disclosure due to a missing permission check. | 2.1 |
| 2022-07-06 | CVE-2022-21777 | Missing Authorization vulnerability in Google Android 11.0/12.0 In Autoboot, there is a possible permission bypass due to a missing permission check. | 4.6 |
| 2022-06-30 | CVE-2022-34779 | Missing Authorization vulnerability in Jenkins Xebialabs XL Release A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2022-06-30 | CVE-2022-34781 | Missing Authorization vulnerability in Jenkins Xebialabs XL Release Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
| 2022-06-30 | CVE-2022-34794 | Missing Authorization vulnerability in Jenkins Recipe 1.0/1.1/1.2 Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | 6.5 |