Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2021-04-06 CVE-2021-27900 Missing Authorization vulnerability in Proofpoint Insider Threat Management
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console.
network
low complexity
proofpoint CWE-862
5.5
2021-04-06 CVE-2020-13422 Missing Authorization vulnerability in OpenIAM
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.
network
low complexity
openiam CWE-862
8.1
2021-04-05 CVE-2021-24184 Missing Authorization vulnerability in Themeum Tutor LMS
Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions.
network
low complexity
themeum CWE-862
6.5
2021-04-05 CVE-2021-24164 Missing Authorization vulnerability in Ninjaforms Ninja Forms
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the wp_ajax_nf_oauth action and retrieve the connection URL needed to establish a connection.
network
low complexity
ninjaforms CWE-862
4.0
2021-04-05 CVE-2021-24163 Missing Authorization vulnerability in Ninjaforms Ninja Forms
In the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin before 3.4.34, the AJAX action wp_ajax_ninja_forms_sendwp_remote_install_handler had neither a capability check nor nonce protection, making it possible for low-level users, such as subscribers, to install and activate the SendWP plugin and retrieve the client_secret key needed to establish the SendWP connection.
network
low complexity
ninjaforms CWE-862
8.8
2021-04-02 CVE-2021-1755 Missing Authorization vulnerability in Apple macOS 11.0
A lock screen issue allowed access to contacts on a locked device.
local
low complexity
apple CWE-862
2.1
2021-04-02 CVE-2020-29621 Missing Authorization vulnerability in Apple Mac OS X and macOS
This issue was addressed with improved checks.
local
low complexity
apple CWE-862
2.1
2021-04-01 CVE-2020-36238 Missing Authorization vulnerability in Atlassian products
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
network
low complexity
atlassian CWE-862
5.0
2021-03-30 CVE-2021-21637 Missing Authorization vulnerability in Jenkins Team Foundation Server
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
2021-03-30 CVE-2021-21636 Missing Authorization vulnerability in Jenkins Team Foundation Server
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate the credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3