Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-11 | CVE-2020-0989 | Missing Authorization vulnerability in Microsoft products <p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. | 5.5 |
2020-09-02 | CVE-2020-25025 | Missing Authorization vulnerability in Localization Manager Project Localization Manager The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). | 4.0 |
2020-09-01 | CVE-2020-2242 | Missing Authorization vulnerability in Jenkins Database A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | 6.5 |
2020-08-27 | CVE-2020-3394 | Missing Authorization vulnerability in Cisco Nx-Os A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. | 7.2 |
2020-08-26 | CVE-2020-3443 | Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem 8202004 A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. | 8.8 |
2020-08-25 | CVE-2020-24614 | Missing Authorization vulnerability in multiple products Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. | 8.8 |
2020-08-12 | CVE-2020-6301 | Missing Authorization vulnerability in SAP HCM Travel Management SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check. | 5.5 |
2020-08-12 | CVE-2020-6298 | Missing Authorization vulnerability in SAP Generic Market Data 400/450/500 SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check. | 5.5 |
2020-08-12 | CVE-2020-6273 | Missing Authorization vulnerability in SAP S/4 Hana Fiori UI FOR General Ledger Accounting 103/104 SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check. | 4.0 |
2020-08-12 | CVE-2020-2234 | Missing Authorization vulnerability in Jenkins Pipeline Maven Integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 6.5 |