Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-09 | CVE-2018-2419 | Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 4.6 |
| 2018-05-04 | CVE-2018-10251 | Missing Authorization vulnerability in Sierrawireless Aleos A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. | 9.8 |
| 2018-04-25 | CVE-2018-10207 | Missing Authorization vulnerability in Vaultize Enterprise File Sharing 17.05.31 An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. | 5.3 |
| 2018-04-10 | CVE-2018-2413 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-04-10 | CVE-2018-2412 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-04-10 | CVE-2017-18101 | Missing Authorization vulnerability in Atlassian Jira Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks. | 6.5 |
| 2018-04-09 | CVE-2018-1217 | Missing Authorization vulnerability in Dell products Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. | 9.8 |
| 2018-03-27 | CVE-2018-9039 | Missing Authorization vulnerability in Octopus Deploy In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. | 6.5 |
| 2018-03-15 | CVE-2018-7702 | Missing Authorization vulnerability in Securenvoy Securmail SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization. | 9.1 |
| 2018-02-22 | CVE-2018-0015 | Missing Authorization vulnerability in Juniper Appformix A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. | 7.5 |