Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-33005 | Missing Authorization vulnerability in SAP products Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. | 6.3 |
| 2024-08-13 | CVE-2024-41730 | Missing Authorization vulnerability in SAP Business Objects Business Intelligence Platform Enterprise430/Enterprise440 In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. | 9.8 |
| 2024-08-13 | CVE-2024-42376 | Missing Authorization vulnerability in SAP Shared Service Framework SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2024-08-13 | CVE-2024-42377 | Missing Authorization vulnerability in SAP Shared Service Framework SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application | 4.3 |
| 2024-08-12 | CVE-2024-37930 | Missing Authorization vulnerability in Theme-Sphere Smartmag Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0. | 7.5 |
| 2024-08-12 | CVE-2024-42470 | Missing Authorization vulnerability in Openhab openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. | 9.1 |
| 2024-08-08 | CVE-2024-6824 | Missing Authorization vulnerability in Leap13 Premium Addons for Elementor The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. | 4.3 |
| 2024-08-07 | CVE-2024-43045 | Missing Authorization vulnerability in Jenkins Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views". | 6.3 |
| 2024-08-01 | CVE-2024-5331 | Missing Authorization vulnerability in Soflyy Breakdance The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. | 4.3 |
| 2024-07-31 | CVE-2024-41108 | Missing Authorization vulnerability in Fogproject 1.5.10/1.5.10.15 FOG is a free open-source cloning/imaging/rescue suite/inventory management system. | 5.9 |