Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-26 | CVE-2020-3443 | Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem 8202004 A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. | 8.8 |
| 2020-08-25 | CVE-2020-24614 | Missing Authorization vulnerability in multiple products Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. | 8.8 |
| 2020-08-24 | CVE-2020-19890 | Missing Authorization vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content. | 4.9 |
| 2020-08-12 | CVE-2020-6301 | Missing Authorization vulnerability in SAP HCM Travel Management SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check. | 8.1 |
| 2020-08-12 | CVE-2020-6298 | Missing Authorization vulnerability in SAP Generic Market Data 400/450/500 SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check. | 8.1 |
| 2020-08-12 | CVE-2020-6273 | Missing Authorization vulnerability in SAP S/4 Hana Fiori UI for General Ledger Accounting 103/104 SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check. | 4.3 |
| 2020-08-12 | CVE-2020-2234 | Missing Authorization vulnerability in Jenkins Pipeline Maven Integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 6.5 |
| 2020-08-11 | CVE-2020-0250 | Missing Authorization vulnerability in Google Android 10.0 In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. | 5.5 |
| 2020-08-11 | CVE-2020-0239 | Missing Authorization vulnerability in Google Android 10.0/9.0 In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. | 5.5 |
| 2020-08-04 | CVE-2020-15109 | Missing Authorization vulnerability in Nebulab Solidus In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. | 5.3 |