Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-06-07 CVE-2018-0317 Missing Authorization vulnerability in Cisco products
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges.
network
low complexity
cisco CWE-862
6.5
2018-05-22 CVE-2018-10092 Missing Authorization vulnerability in Dolibarr
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
network
dolibarr CWE-862
6.0
2018-05-21 CVE-2018-8012 Missing Authorization vulnerability in multiple products
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta.
network
low complexity
apache debian oracle CWE-862
7.5
2018-05-09 CVE-2018-2419 Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
5.5
2018-04-25 CVE-2018-10207 Missing Authorization vulnerability in Vaultize Enterprise File Sharing 17.05.31
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31.
network
low complexity
vaultize CWE-862
5.0
2018-04-10 CVE-2018-2413 Missing Authorization vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2018-04-10 CVE-2018-2412 Missing Authorization vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2018-04-10 CVE-2017-18101 Missing Authorization vulnerability in Atlassian Jira and Jira Server
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
network
low complexity
atlassian CWE-862
6.4
2018-03-27 CVE-2018-9039 Missing Authorization vulnerability in Octopus Deploy
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow.
network
low complexity
octopus CWE-862
4.0
2018-03-15 CVE-2018-7702 Missing Authorization vulnerability in Securenvoy Securmail
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
network
low complexity
securenvoy CWE-862
6.4