Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-15 | CVE-2018-7702 | Missing Authorization vulnerability in Securenvoy Securmail SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization. | 9.1 |
| 2018-02-22 | CVE-2018-0015 | Missing Authorization vulnerability in Juniper Appformix A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. | 7.5 |
| 2018-02-14 | CVE-2018-2381 | Missing Authorization vulnerability in SAP ERP Financials Information System 2.0 SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-02-12 | CVE-2017-13247 | Missing Authorization vulnerability in Google Android In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. | 7.8 |
| 2018-02-09 | CVE-2018-1000022 | Missing Authorization vulnerability in Electrum Bitcoin Wallet Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. | 5.3 |
| 2018-02-02 | CVE-2017-18035 | Missing Authorization vulnerability in Atlassian Fisheye The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it. | 4.3 |
| 2018-01-29 | CVE-2017-9513 | Missing Authorization vulnerability in Atlassian Activity Streams Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks. | 5.4 |
| 2018-01-26 | CVE-2017-1000400 | Missing Authorization vulnerability in Jenkins The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. | 4.3 |
| 2018-01-26 | CVE-2017-1000390 | Missing Authorization vulnerability in Jenkins Multijob Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. | 4.3 |
| 2018-01-26 | CVE-2017-1000388 | Missing Authorization vulnerability in Jenkins Dependency Graph Viewer Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data. | 4.3 |