Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-08 | CVE-2019-0243 | Missing Authorization vulnerability in SAP Bw/4Hana 1.0 Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2019-01-08 | CVE-2018-2484 | Missing Authorization vulnerability in SAP products SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2019-01-03 | CVE-2018-18004 | Missing Authorization vulnerability in Vivotek Camera Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter. | 5.0 |
| 2018-12-20 | CVE-2018-15329 | Missing Authorization vulnerability in F5 products On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | 6.5 |
| 2018-12-14 | CVE-2018-20155 | Missing Authorization vulnerability in Designmodo WP Maintenance Mode The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings. | 4.0 |
| 2018-12-11 | CVE-2018-2503 | Missing Authorization vulnerability in SAP Netweaver Application Server Java By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. | 3.3 |
| 2018-12-06 | CVE-2018-9548 | Missing Authorization vulnerability in Google Android In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. | 2.1 |
| 2018-12-05 | CVE-2018-19754 | Missing Authorization vulnerability in Oracle Tarantella Enterprise Tarantella Enterprise before 3.11 allows bypassing Access Control. | 6.5 |
| 2018-12-04 | CVE-2018-18647 | Missing Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. | 5.5 |
| 2018-11-14 | CVE-2018-9457 | Missing Authorization vulnerability in Google Android 8.0/8.1/9.0 In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. | 2.1 |