Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-10 | CVE-2020-28368 | Missing Authorization vulnerability in multiple products Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. | 4.4 |
| 2020-11-10 | CVE-2020-6316 | Missing Authorization vulnerability in SAP ERP and S/4Hana SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. | 4.0 |
| 2020-11-10 | CVE-2020-26824 | Missing Authorization vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service. | 6.4 |
| 2020-11-10 | CVE-2020-26823 | Missing Authorization vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service. | 6.4 |
| 2020-11-10 | CVE-2020-26822 | Missing Authorization vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service. | 6.4 |
| 2020-11-10 | CVE-2020-26821 | Missing Authorization vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service. | 6.4 |
| 2020-11-10 | CVE-2020-26818 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. | 8.8 |
| 2020-11-10 | CVE-2020-0454 | Missing Authorization vulnerability in Google Android 9.0 In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. | 2.1 |
| 2020-11-10 | CVE-2020-0439 | Missing Authorization vulnerability in Google Android In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. | 4.6 |
| 2020-11-10 | CVE-2020-0437 | Missing Authorization vulnerability in Google Android In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. | 2.1 |