Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-07 | CVE-2018-0317 | Missing Authorization vulnerability in Cisco products A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. | 6.5 |
2018-05-22 | CVE-2018-10092 | Missing Authorization vulnerability in Dolibarr The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. | 6.0 |
2018-05-21 | CVE-2018-8012 | Missing Authorization vulnerability in multiple products No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. | 7.5 |
2018-05-09 | CVE-2018-2419 | Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 5.5 |
2018-04-25 | CVE-2018-10207 | Missing Authorization vulnerability in Vaultize Enterprise File Sharing 17.05.31 An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. | 5.0 |
2018-04-10 | CVE-2018-2413 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
2018-04-10 | CVE-2018-2412 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
2018-04-10 | CVE-2017-18101 | Missing Authorization vulnerability in Atlassian Jira and Jira Server Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks. | 6.4 |
2018-03-27 | CVE-2018-9039 | Missing Authorization vulnerability in Octopus Deploy In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. | 4.0 |
2018-03-15 | CVE-2018-7702 | Missing Authorization vulnerability in Securenvoy Securmail SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization. | 6.4 |