Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-41730 | Missing Authorization vulnerability in SAP Business Objects Business Intelligence Platform Enterprise430/Enterprise440 In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. | 9.8 |
| 2024-08-13 | CVE-2024-42376 | Missing Authorization vulnerability in SAP Shared Service Framework SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2024-08-13 | CVE-2024-42377 | Missing Authorization vulnerability in SAP Shared Service Framework SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application | 4.3 |
| 2024-08-12 | CVE-2024-37930 | Missing Authorization vulnerability in Theme-Sphere Smartmag Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0. | 7.5 |
| 2024-08-12 | CVE-2024-42470 | Missing Authorization vulnerability in Openhab openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. | 9.1 |
| 2024-08-07 | CVE-2024-43045 | Missing Authorization vulnerability in Jenkins Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views". | 6.3 |
| 2024-07-31 | CVE-2024-41108 | Missing Authorization vulnerability in Fogproject 1.5.10/1.5.10.15 FOG is a free open-source cloning/imaging/rescue suite/inventory management system. | 5.9 |
| 2024-07-31 | CVE-2024-37898 | Missing Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.3 |
| 2024-07-27 | CVE-2024-1798 | Missing Authorization vulnerability in Themeum Tutor LMS - Migration Tool The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. | 5.3 |
| 2024-07-27 | CVE-2024-1804 | Missing Authorization vulnerability in Themeum Tutor LMS - Migration Tool The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. | 4.3 |