Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-14 | CVE-2021-33671 | Missing Authorization vulnerability in SAP Netweaver Guided Procedures. SAP NetWeaver Guided Procedures (Administration Workset), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
2021-07-14 | CVE-2021-33676 | Missing Authorization vulnerability in SAP Customer Relationship Management. A missing authority check in SAP CRM, versions 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. | 6.5 |
2021-07-14 | CVE-2021-20747 | Missing Authorization vulnerability in Retty. Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 4.3 |
2021-07-13 | CVE-2021-36124 | Missing Authorization vulnerability in Echobh Sharecare 8.15.5. An issue was discovered in Echo ShareCare 8.15.5. | 7.5 |
2021-07-12 | CVE-2020-19038 | Missing Authorization vulnerability in Halo 0.4.3. File Deletion vulnerability in Halo 0.4.3 via delBackup. | 9.1 |
2021-07-07 | CVE-2021-22233 | Missing Authorization vulnerability in Gitlab. An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details | 4.0 |
2021-07-07 | CVE-2021-20777 | Missing Authorization vulnerability in Gu-Global GU. Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 4.3 |
2021-06-30 | CVE-2021-21676 | Missing Authorization vulnerability in Jenkins Requests. Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address. | 4.3 |
2021-06-30 | CVE-2021-27903 | Missing Authorization vulnerability in Craftcms Craft CMS. An issue was discovered in Craft CMS before 3.6.7. | 7.5 |
2021-06-24 | CVE-2021-29958 | Missing Authorization vulnerability in Mozilla Firefox. When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. | 4.3 |