Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-11 | CVE-2018-2454 | Missing Authorization vulnerability in SAP Enterprise Financial Services SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2018-09-10 | CVE-2018-16591 | Missing Authorization vulnerability in Furuno Felcom 250 Firmware and Felcom 500 Firmware FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi. | 10.0 |
| 2018-08-29 | CVE-2018-7792 | Missing Authorization vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 5.0 |
| 2018-08-23 | CVE-2018-8028 | Missing Authorization vulnerability in Apache Sentry An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. | 6.5 |
| 2018-08-22 | CVE-2017-2662 | Missing Authorization vulnerability in Theforeman Katello 3.4.5 A flaw was found in Foreman's katello plugin version 3.4.5. | 4.3 |
| 2018-08-17 | CVE-2018-5547 | Missing Authorization vulnerability in F5 Big-Ip Access Policy Manager Client 7.1.6/7.1.6.1/7.1.7 Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. | 7.8 |
| 2018-07-31 | CVE-2017-17707 | Missing Authorization vulnerability in Pleasantsolutions Pleasant Password Server Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. | 6.5 |
| 2018-07-10 | CVE-2018-1116 | Missing Authorization vulnerability in multiple products A flaw was found in polkit before version 0.116. | 3.6 |
| 2018-07-10 | CVE-2018-2436 | Missing Authorization vulnerability in SAP R/3 Enterprise Retail Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2018-07-09 | CVE-2018-11541 | Missing Authorization vulnerability in Ribboncommunications products A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. | 10.0 |