Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-10-03 CVE-2018-16048 Missing Authorization vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2.
network
low complexity
gitlab CWE-862
4.0
2018-09-11 CVE-2018-2461 Missing Authorization vulnerability in SAP People Profile 6.0
Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges.
network
low complexity
sap CWE-862
6.5
2018-09-11 CVE-2018-2455 Missing Authorization vulnerability in SAP Enterprise Financial Services
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2018-09-11 CVE-2018-2454 Missing Authorization vulnerability in SAP Enterprise Financial Services
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2018-09-10 CVE-2018-16591 Missing Authorization vulnerability in Furuno Felcom 250 Firmware and Felcom 500 Firmware
FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.
network
low complexity
furuno CWE-862
critical
10.0
2018-08-29 CVE-2018-7792 Missing Authorization vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0).
network
low complexity
schneider-electric CWE-862
5.0
2018-08-23 CVE-2018-8028 Missing Authorization vulnerability in Apache Sentry
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1.
network
low complexity
apache CWE-862
6.5
2018-08-22 CVE-2017-2662 Missing Authorization vulnerability in Theforeman Katello 3.4.5
A flaw was found in Foreman's katello plugin version 3.4.5.
network
low complexity
theforeman CWE-862
4.3
2018-08-17 CVE-2018-5547 Missing Authorization vulnerability in F5 Big-Ip Access Policy Manager Client 7.1.6/7.1.6.1/7.1.7
Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access.
local
low complexity
f5 CWE-862
7.8
2018-07-31 CVE-2017-17707 Missing Authorization vulnerability in Pleasantsolutions Pleasant Password Server
Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3.
network
low complexity
pleasantsolutions CWE-862
6.5