CWE:
 

Topic
Date
Author
Med.
SAP Solution Manager 7.2 Missing Authorization
15.06.2021
Pablo Artuso
Med.
URVE Software Build 24.03.2020 Missing Authorization
30.12.2020
Erik Steltzner
Low
1CRM 8.6.7 Insecure Direct Object Reference
17.09.2020
Andreas Sperber
Med.
WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability
21.06.2018
KingSkrupellos
High
Lenovo ShareIT Information Disclosure / Hardcoded Password
26.01.2016
CoreLabs
High
SAP Afaria 7 Missing Authorization Check
19.06.2015
Vahagn Vardanyan


CVEMAP Search Results

CVE
Details
Description
2021-07-14
Medium
CVE-2021-33671

Vendor: SAP
Software: Netweaver gu...
 

 
SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data.

 
Medium
CVE-2021-33676

Vendor: SAP
Software: Customer rel...
 

 
A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.

 
Low
CVE-2021-20747

Vendor: Retty
Software: Retty
 

 
Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

 
Medium
CVE-2021-0597

Vendor: Google
Software: Android
 

 
In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502

 
2021-07-12
Medium
CVE-2020-19038

Vendor: HALO
Software: HALO
 

 
File Deletion vulnerability in Halo 0.4.3 via delBackup.

 
2021-07-08
Medium
CVE-2020-18741

Vendor: Thinksaas
Software: Thinksaas
 

 
Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."

 
2021-06-30
Low
CVE-2021-21676

Vendor: Jenkins
Software: Requests
 

 
Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.

 
Low
CVE-2021-21674

Vendor: Jenkins
Software: Requests
 

 
A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.

 
2021-06-24
Low
CVE-2021-29959

Vendor: Mozilla
Software: Firefox
 

 
When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89.

 
2021-06-22
Medium
CVE-2021-0547

Vendor: Google
Software: Android
 

 
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048

 

 


Copyright 2021, cxsecurity.com

 

Back to Top