Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-29 | CVE-2020-15337 | Missing Authorization vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1. Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. | 5.3 |
2022-09-29 | CVE-2020-15338 | Missing Authorization vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1. Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. | 5.3 |
2022-09-26 | CVE-2021-28052 | Missing Authorization vulnerability in Hitachi Vantara 9.0.0. A tenant administrator of Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. | 4.9 |
2022-09-26 | CVE-2022-2405 | Missing Authorization vulnerability in Themehunk WP Popup Builder. The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary Popup | 4.3 |
2022-09-26 | CVE-2022-2987 | Missing Authorization vulnerability in Ldap WP Login / Active Directory Integration Project Ldap WP Login / Active Directory Integration. The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating its settings (which are hooked to the init action), allowing unauthenticated attackers to update them. | 7.5 |
2022-09-23 | CVE-2022-32220 | Missing Authorization vulnerability in Rocket.Chat. An information disclosure vulnerability exists in Rocket.Chat <v5 because the getUserMentionsByChannel Meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room. | 6.5 |
2022-09-23 | CVE-2022-35247 | Missing Authorization vulnerability in Rocket.Chat. An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients. | 4.3 |
2022-09-23 | CVE-2022-35249 | Missing Authorization vulnerability in Rocket.Chat. An information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel Meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room. | 4.3 |
2022-09-23 | CVE-2021-41803 | Missing Authorization vulnerability in Hashicorp Consul. HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. | 7.1 |
2022-09-22 | CVE-2021-39190 | Missing Authorization vulnerability in Teclib-Edition System Center Configuration Manager. The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. | 5.3 |