Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-03 | CVE-2020-25711 | Missing Authorization vulnerability in multiple products: A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. | 6.5 |
2020-12-03 | CVE-2020-23735 | Missing Authorization vulnerability in Saibo Cyber Game Accelerator 3.7.9: In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. | 7.8 |
2020-12-03 | CVE-2020-2323 | Missing Authorization vulnerability in Netflix Chaos Monkey 0.3/0.4: Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. | 5.3 |
2020-12-03 | CVE-2020-2322 | Missing Authorization vulnerability in Netflix Chaos Monkey 0.3: Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. | 7.5 |
2020-11-27 | CVE-2017-15680 | Missing Authorization vulnerability in Craftercms Crafter CMS 3.0.0: In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. | 6.5 |
2020-11-24 | CVE-2020-29006 | Missing Authorization vulnerability in Misp: MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. | 9.8 |
2020-11-23 | CVE-2020-4783 | Missing Authorization vulnerability in IBM Spectrum Protect Plus: IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2020-11-17 | CVE-2020-27192 | Missing Authorization vulnerability in Binarynights Forklift: BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. | 7.8 |
2020-11-17 | CVE-2020-15349 | Missing Authorization vulnerability in Binarynights Forklift: BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions. | 7.8 |
2020-11-16 | CVE-2020-23489 | Missing Authorization vulnerability in Wwbn Avideo: The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. | 8.8 |