Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-03 | CVE-2018-16048 | Missing Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. | 4.0 |
2018-09-11 | CVE-2018-2461 | Missing Authorization vulnerability in SAP People Profile 6.0 Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges. | 6.5 |
2018-09-11 | CVE-2018-2455 | Missing Authorization vulnerability in SAP Enterprise Financial Services SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
2018-09-11 | CVE-2018-2454 | Missing Authorization vulnerability in SAP Enterprise Financial Services SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
2018-09-10 | CVE-2018-16591 | Missing Authorization vulnerability in Furuno Felcom 250 Firmware and Felcom 500 Firmware FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi. | 10.0 |
2018-08-29 | CVE-2018-7792 | Missing Authorization vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 5.0 |
2018-08-23 | CVE-2018-8028 | Missing Authorization vulnerability in Apache Sentry An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. | 6.5 |
2018-08-22 | CVE-2017-2662 | Missing Authorization vulnerability in Theforeman Katello 3.4.5 A flaw was found in Foreman's katello plugin version 3.4.5. | 4.3 |
2018-08-17 | CVE-2018-5547 | Missing Authorization vulnerability in F5 Big-Ip Access Policy Manager Client 7.1.6/7.1.6.1/7.1.7 Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. | 7.8 |
2018-07-31 | CVE-2017-17707 | Missing Authorization vulnerability in Pleasantsolutions Pleasant Password Server Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. | 6.5 |