Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-10 | CVE-2020-6268 | Missing Authorization vulnerability in SAP ERP (Ea-Finserv) and ERP (S4Core): Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check. | 8.1 |
2020-06-09 | CVE-2020-13266 | Missing Authorization vulnerability in Gitlab: Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions. | 4.3 |
2020-06-04 | CVE-2020-11680 | Missing Authorization vulnerability in Castel Nextgen DVR Firmware 1.0.0: Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. | 6.5 |
2020-06-04 | CVE-2020-11679 | Missing Authorization vulnerability in Castel Nextgen DVR Firmware 1.0.0: Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. | 8.8 |
2020-06-03 | CVE-2020-1963 | Missing Authorization vulnerability in Apache Ignite: Apache Ignite uses H2 database to build SQL distributed execution engine. | 9.1 |
2020-05-27 | CVE-2020-4348 | Missing Authorization vulnerability in IBM Spectrum Scale: IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. | 6.5 |
2020-05-23 | CVE-2020-13425 | Missing Authorization vulnerability in Thetrackr Trackr Firmware 2.2.5/20200506/5.1.6: TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. | 7.1 |
2020-05-18 | CVE-2020-13154 | Missing Authorization vulnerability in Zohocorp Manageengine Servicedesk Plus 11.1: Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. | 6.5 |
2020-05-18 | CVE-2020-13144 | Missing Authorization vulnerability in EDX Open EDX Platform 2.5: Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. | 8.8 |
2020-05-14 | CVE-2020-10620 | Missing Authorization vulnerability in Opto22 Softpac Project 9.6: Opto 22 SoftPAC Project Version 9.6 and prior. | 9.8 |