Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-04-10 CVE-2017-18101 Missing Authorization vulnerability in Atlassian Jira
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
network
low complexity
atlassian CWE-862
6.5
2018-04-09 CVE-2018-1217 Missing Authorization vulnerability in Dell products
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials.
network
low complexity
dell CWE-862
critical
9.8
2018-03-27 CVE-2018-9039 Missing Authorization vulnerability in Octopus Deploy
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow.
network
low complexity
octopus CWE-862
6.5
2018-03-15 CVE-2018-7702 Missing Authorization vulnerability in SecurEnvoy SecurMail
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
network
low complexity
securenvoy CWE-862
critical
9.1
2018-02-22 CVE-2018-0015 Missing Authorization vulnerability in Juniper AppFormix
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege.
network
high complexity
juniper CWE-862
7.5
2018-02-14 CVE-2018-2381 Missing Authorization vulnerability in SAP ERP Financials Information System 2.0
SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30; S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2018-02-12 CVE-2017-13247 Missing Authorization vulnerability in Google Android
In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock.
local
low complexity
google CWE-862
7.8
2018-02-09 CVE-2018-1000022 Missing Authorization vulnerability in Electrum Bitcoin Wallet
Electrum Technologies GmbH Electrum Bitcoin Wallet versions prior to 3.0.5 contain a Missing Authorization vulnerability in the JSONRPC interface that can result in Bitcoin theft if the user's wallet is not password protected.
network
high complexity
electrum CWE-862
5.3
2018-02-02 CVE-2017-18035 Missing Authorization vulnerability in Atlassian Fisheye
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, which allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.
network
low complexity
atlassian CWE-862
4.3
2018-01-29 CVE-2017-9513 Missing Authorization vulnerability in Atlassian Activity Streams
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers, via missing permission checks, to watch any Confluence page and receive notifications when comments are added to the watched page, and to vote on and watch JIRA issues that they do not have access to, although they will not receive notifications for the issue.
network
low complexity
atlassian CWE-862
5.4