Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-16 | CVE-2020-14213 | Missing Authorization vulnerability in Zammad In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). | 5.4 |
| 2020-06-11 | CVE-2020-0202 | Missing Authorization vulnerability in Google Android 11.0 In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. | 7.8 |
| 2020-06-11 | CVE-2020-0178 | Missing Authorization vulnerability in Google Android 10.0 In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. | 5.5 |
| 2020-06-11 | CVE-2020-0177 | Missing Authorization vulnerability in Google Android 10.0 In connect() of PanService.java, there is a possible permissions bypass. | 5.5 |
| 2020-06-11 | CVE-2020-0137 | Missing Authorization vulnerability in Google Android 10.0 In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. | 7.8 |
| 2020-06-11 | CVE-2020-0135 | Missing Authorization vulnerability in Google Android 10.0 In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. | 4.4 |
| 2020-06-10 | CVE-2020-5362 | Missing Authorization vulnerability in Dell products Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. | 4.4 |
| 2020-06-10 | CVE-2020-13445 | Missing Authorization vulnerability in Liferay Portal In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates. | 8.8 |
| 2020-06-10 | CVE-2020-13270 | Missing Authorization vulnerability in Gitlab Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API | 8.8 |
| 2020-06-10 | CVE-2020-6270 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. | 6.5 |