Show CWE-285: Improper Authorization - CXSecurity.com

	Topic	Date	Author
Med.	Slims CMS Akasia 8.3.1 SQL Injection	22.05.2019	KingSkrupellos
Med.	Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability	19.05.2019	KingSkrupellos
Med.	Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation	07.11.2018	Matthew Bergin
Low	SAP Business Objects Unauthorized Audit Information Access	26.02.2015	Onapsis
Med.	SAP Business Objects Unauthorized Audit Information Delete	26.02.2015	Onapsis
Low	SAP Business Objects Information Disclosure Via CORBA	09.10.2014	Will Vandevanter
Med.	SAP Business Warehouse Missing Authorization Check	09.10.2014	Will Vandevanter
Med.	SAP Business Objects Denial Of Service Via CORBA	09.10.2014	Will Vandevanter
Med.	Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass	15.11.2013	Pedro Andujar
High	Zoom Telephonics Multiple Vulns	03.09.2013	K Lovett

CVEMAP Search Results

CVE

Details

Description

2019-07-10

Medium	CVE-2018-19569	Vendor: Gitlab Software: Gitlab	GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.
Medium	CVE-2019-0325	Vendor: SAP Software: Erp hcm	SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this under certain conditions, the user that once had authorization to payroll data of an employee, which was later revoked, may retain access to the same data.
Medium	CVE-2019-10119	Updating...	eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin.
Medium	CVE-2019-10121	Updating...	eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin.
Low	CVE-2018-19575	Vendor: Gitlab Software: Gitlab	GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.
Low	CVE-2018-19578	Vendor: Gitlab Software: Gitlab	GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.
Medium	CVE-2018-19581	Vendor: Gitlab Software: Gitlab	GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.
Medium	CVE-2018-19584	Vendor: Gitlab Software: Gitlab	GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.

2019-07-09

Medium

CVE-2019-12782

Updating...

An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them.

2019-07-05

Medium

CVE-2019-5981

Vendor: SONY
Software: Vaio update

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.

Copyright 2019, cxsecurity.com