Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-06 | CVE-2021-1508 | Missing Authorization vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. | 8.8 |
| 2021-04-27 | CVE-2021-20715 | Missing Authorization vulnerability in Recruit-Holdings HOT Pepper Gourmet 4.111.0 Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 4.3 |
| 2021-04-26 | CVE-2021-20693 | Missing Authorization vulnerability in Gurunavi 10.0.10/11.1.2 Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 7.5 |
| 2021-04-13 | CVE-2021-27609 | Missing Authorization vulnerability in SAP Focused RUN 200/300 SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization. | 6.5 |
| 2021-04-13 | CVE-2021-27605 | Missing Authorization vulnerability in SAP Fiori Apps 2.0 for Travel Management in SAP ERP SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. | 4.3 |
| 2021-04-13 | CVE-2021-27598 | Missing Authorization vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50 SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. | 5.3 |
| 2021-04-13 | CVE-2021-0428 | Missing Authorization vulnerability in Google Android 10.0 In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. | 5.5 |
| 2021-04-09 | CVE-2021-21432 | Missing Authorization vulnerability in Go-Vela Vela Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. | 6.5 |
| 2021-04-09 | CVE-2021-30155 | Missing Authorization vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 4.3 |
| 2021-04-09 | CVE-2020-36287 | Missing Authorization vulnerability in Atlassian products The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. | 5.3 |